rpm: don't turn off selinux

diff --git a/distro/rpm/knot-resolver.spec b/distro/rpm/knot-resolver.spec
index 26b37b60e01688cd583fc6e257af2178bf8920bc..5fbe65b4934ece3fd9149885e12cbe221386a100 100644 (file)
--- a/distro/rpm/knot-resolver.spec
+++ b/distro/rpm/knot-resolver.spec
@@ -77,12 +77,7 @@ a state-machine like API for extensions.
 
 The package is pre-configured as local caching resolver.
 To start using it, start a single kresd instance:
-# systemctl start kresd@1.service
-
-If you run into issues with activation of the service or its sockets, either
-update your selinux-policy package or turn off selinux (setenforce 0).
-https://bugzilla.redhat.com/show_bug.cgi?id=1366968
-https://bugzilla.redhat.com/show_bug.cgi?id=1543049
+$ systemctl start kresd@1.service
 
 %package devel
 Summary:        Development headers for Knot DNS Resolver
@@ -159,7 +154,7 @@ install -m 0644 -p %{repodir}/systemd/kresd-tls.socket %{buildroot}%{_unitdir}/k
 mkdir -p %{buildroot}%{_tmpfilesdir}
 install -m 0644 -p %{repodir}/systemd/tmpfiles/knot-resolver.conf %{buildroot}%{_tmpfilesdir}/knot-resolver.conf
 mkdir -p %{buildroot}%{_rundir}
-install -m 750 -d %{buildroot}%{_rundir}/knot-resolver
+install -m 0750 -d %{buildroot}%{_rundir}/knot-resolver
 
 # install cache
 mkdir -p %{buildroot}%{_localstatedir}/cache

diff --git a/distro/tests/knot-resolver-test.yaml b/distro/tests/knot-resolver-test.yaml
index 63936aa9e2a5238ef771d39df291596740f65b03..9f0a4c744ff17a87c139c9696c0a0494f329dbbd 100644 (file)
--- a/distro/tests/knot-resolver-test.yaml
+++ b/distro/tests/knot-resolver-test.yaml
@@ -82,10 +82,10 @@
         name: "{{ dig_package[ansible_distribution] }}"
         state: present
 
-    - name: turn off SELinux
-      selinux:
-        policy: targeted
-        state: permissive
+    - name: update selinux-policy
+      package:
+        name: selinux-policy
+        state: latest
       when: ansible_distribution in ['RedHat', 'Fedora']
 
     - name: start kresd@1.service