rpms/ipa
7
0
Fork 0
Code Issues Pull Requests Releases Activity
The Identity, Policy and Audit system
104 Commits 17 Branches 116 Tags 12 MiB
Diff 100%
a33b200323
Go to file
Petr Vobornik a33b200323 Workarounds for SELinux execmem violations in cryptography 
ipaserver.dcerpc uses M2Crypto again on Python 2.7 and Dogtag's
pki.client no longer tries to use PyOpenSSL instead of Python's ssl
module.

Some dependencies like Dogtag's pki.client library and custodia use
python-requsts to make HTTPS connection. python-requests prefers
PyOpenSSL over Python's stdlib ssl module. PyOpenSSL is build on top
of python-cryptography which trigger a execmem SELinux violation
in the context of Apache HTTPD (httpd_execmem).
When requests is imported, it always tries to import pyopenssl glue
code from urllib3's contrib directory. The import of PyOpenSSL is
enough to trigger the SELinux denial.
A hack in wsgi.py prevents the import by raising an ImportError.
2015-12-08 21:28:39 +01:00
.gitignore Update to upstream 4.2.3 2015-11-02 19:58:16 +01:00
0001-Workarounds-for-SELinux-execmem-violations-in-crypto.patch Workarounds for SELinux execmem violations in cryptography 2015-12-08 21:28:39 +01:00
freeipa.spec Workarounds for SELinux execmem violations in cryptography 2015-12-08 21:28:39 +01:00
sources Update to upstream 4.2.3 2015-11-02 19:58:16 +01:00