Add SELinux policy for UI assets

This also removes the Index option of /ipa-assets as well as the
deprecated IPADebug option.

No need to build or install ipa_webgui anymore. Leaving in the code
for reference purposes for now.

install/conf/ipa.conf

@@ -39,7 +39,6 @@ Alias /ipa/crl "/var/lib/pki-ca/publish"
   PythonInterpreter main_interpreter
   PythonHandler ipaserver::xmlrpc
   PythonDebug Off
-  PythonOption IPADebug Off
   PythonOption SCRIPT_NAME /ipa/xml
   PythonAutoReload Off
 </Location>
@@ -49,7 +48,6 @@ Alias /ipa/crl "/var/lib/pki-ca/publish"
   PythonInterpreter main_interpreter
   PythonHandler ipaserver::jsonrpc
   PythonDebug Off
-  PythonOption IPADebug Off
   PythonOption SCRIPT_NAME /ipa/json
   PythonAutoReload Off
 </Location>
@@ -59,7 +57,6 @@ Alias /ipa/crl "/var/lib/pki-ca/publish"
   PythonInterpreter main_interpreter
   PythonHandler ipaserver::webui
   PythonDebug Off
-  PythonOption IPADebug Off
   PythonOption SCRIPT_NAME /ipa/ui
   PythonAutoReload Off
 </Location>
@@ -68,7 +65,8 @@ Alias /ipa-assets/ "/var/cache/ipa/assets/"
 <Directory "/var/cache/ipa/assets">
   Allow from all
   AllowOverride None
-  Options Indexes FollowSymLinks
+  # add Indexes to Options to allow browsing
+  Options FollowSymLinks
   ExpiresActive On
   ExpiresDefault A31536000
 </Directory>

install/tools/ipa-server-install

@@ -674,7 +674,8 @@ def main():
     krb = krbinstance.KrbInstance(fstore)
     krb.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, master_password)
 
-   # Render webui assets:
+    # Render webui assets:
+    ipautil.run(["/sbin/restorecon", ASSETS_DIR])
     render_assets()
 
     # Create a HTTP instance
@@ -691,6 +692,7 @@ def main():
         os.remove(pw_name)
     else:
         http.create_instance(realm_name, host_name, domain_name, autoconfig=True, self_signed_ca=not options.ca)
+    ipautil.run(["/sbin/restorecon", "/var/cache/ipa/sessions"])
 
     # Create the config file
     fstore.backup_file("/etc/ipa/ipa.conf")