[krb5/f18] conflict with SELinux policy that breaks kdc stop

Nalin Dahyabhai nalin at fedoraproject.org
Mon Jan 7 15:05:45 UTC 2013 

commit 1201ccf29829c4146e88290b64c28e6ba571fd1f
Author: Nalin Dahyabhai <nalin at redhat.com>
Date:   Mon Jan 7 10:01:01 2013 -0500

    conflict with SELinux policy that breaks kdc stop
    
    - make -server conflict with older versions of SELinux policy that didn't
      allow us to use eventfds, which libverto's backend may depend on in order
      to properly shut down a multi-worker KDC (#871524)
    - apply that last patch with the right -p value

 krb5.spec |   13 ++++++++++---
 1 files changed, 10 insertions(+), 3 deletions(-)
---
diff --git a/krb5.spec b/krb5.spec
index b37cc97..eed42e7 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -29,7 +29,7 @@
 Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.10.3
-Release: 10%{?dist}
+Release: 11%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.10/krb5-1.10.3-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -186,6 +186,8 @@ Requires: coreutils
 Requires: /usr/share/dict/words
 # portreserve is used by init scripts for kadmind, kpropd, and krb5kdc
 Requires: portreserve
+# conflict with policy that didn't allow us to use eventfds, which libverto uses
+Conflicts: selinux-policy < 3.7.19-177.el6
 %if %{WITH_SYSVERTO}
 # for run-time, and for parts of the test suite
 BuildRequires: libverto-module-base
@@ -285,7 +287,7 @@ ln -s NOTICE LICENSE
 %patch110 -p1 -b .keytab-etype-corners-prep
 %patch111 -p1 -b .keytab-etype-corners
 %patch112 -p1 -b .timeout_over
-%patch113 -p1 -b .kldap-lastadminunlock
+%patch113 -p0 -b .kldap-lastadminunlock
 rm src/lib/krb5/krb/deltat.c
 
 gzip doc/*.ps
@@ -397,7 +399,7 @@ env LD_LIBRARY_PATH=`pwd`/src/lib \
 	-L src/lib `./src/krb5-config --libs kdb`
 
 %check
-# Run the test suite. We can't actually run the whole thing in the build system.
+# Run the test suite.  Just parts that we can actually run in the build system.
 make -C src fake-install
 : make -C src check TMPDIR=%{_tmppath}
 make -C src/lib check TMPDIR=%{_tmppath}
@@ -852,6 +854,11 @@ exit 0
 %{_sbindir}/uuserver
 
 %changelog
+* Mon Jan  7 2013 Nalin Dahyabhai <nalin at redhat.com> 1.10.3-11
+- make -server conflict with older versions of SELinux policy that didn't
+  allow us to use eventfds, which libverto's backend may depend on in order
+  to properly shut down a multi-worker KDC (#871524)
+
 * Thu Dec 13 2012 Nalin Dahyabhai <nalin at redhat.com> 1.10.3-10
 - libkdb_ldap: add a workaround to keep the KDC from attempting to write to an
   entry's krbLastAdminUnlock attribute on every AS request (#860759, RT#7502)

More information about the scm-commits mailing list