mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 15:40:01 -06:00
Use temporary pid file for chronyd -q task
chrony is causing an SELinux denial because of chronyd was not spawned using systemd and the command creates a pidfile for unconfined proccess in /var/run with SELinux label: unconfined_u:object_r:var_run_t:s0 Following chronyd daemon enablement with systemd will fail due to mismatched SELinux labels on chronyd pidfile. chronyd pidfile should be labeled with the following label: system_u:object_r:chronyd_var_run_t:s0 This also changes bindcmdaddress to not touch /var/run/chrony. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
parent
e16e5cd0a6
commit
5929d5d872
@ -665,7 +665,8 @@ def sync_time(host, server):
|
||||
|
||||
host.run_command(['systemctl', 'stop', 'chronyd'])
|
||||
host.run_command(['chronyd', '-q',
|
||||
"server {srv} iburst".format(srv=server.hostname)])
|
||||
"server {srv} iburst".format(srv=server.hostname),
|
||||
'pidfile /tmp/chronyd.pid', 'bindcmdaddress /'])
|
||||
|
||||
|
||||
def connect_replica(master, replica, domain_level=None):
|
||||
|
Loading…
Reference in New Issue
Block a user