author | Tomas Babej <tbabej@redhat.com> | 2014-05-26 17:23:04 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-06-16 19:48:18 +0200 |
commit | 6a4cd8a4e33fba68c89d6046a98adb790c401041 (patch) | |
tree | 14dbb08aa0ddef32282958bff5dbb61af7ab2058 /ipaplatform/fedora | |
parent | c465eb842f8b6637268ae790b3cee5a88a5e1544 (diff) | |
ipaplatform: Move restore_context and check_selinux_status implementations to base fedora platform tasks
https://fedorahosted.org/freeipa/ticket/4052
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'ipaplatform/fedora')
-rw-r--r-- | ipaplatform/fedora/tasks.py | 62 |
1 files changed, 59 insertions, 3 deletions
diff --git a/ipaplatform/fedora/tasks.py b/ipaplatform/fedora/tasks.py
index 48a4ca70e..841b3d4e0 100644
--- a/ipaplatform/fedora/tasks.py
+++ b/ipaplatform/fedora/tasks.py
@@ -1,7 +1,8 @@
-# Authors:
-# Tomas Babej <tbabej@redhat.com>
+# Authors: Simo Sorce <ssorce@redhat.com>
+# Alexander Bokovoy <abokovoy@redhat.com>
+# Tomas Babej <tbabej@redhat.com>
 #
-# Copyright (C) 2014 Red Hat
+# Copyright (C) 2007-2014 Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -20,3 +21,58 @@
 '''
 This module contains default Fedora-specific implementations of system tasks.
 '''
+
+import os
+import ipautil
+
+from ipaplatform.base.tasks import *
+
+
+def restore_context(filepath, restorecon='/sbin/restorecon'):
+ """
+ restore security context on the file path
+ SELinux equivalent is /path/to/restorecon <filepath>
+
+ restorecon's return values are not reliable so we have to
+ ignore them (BZ #739604).
+
+ ipautil.run() will do the logging.
+ """
+ try:
+ if os.path.exists('/usr/sbin/selinuxenabled'):
+ ipautil.run(["/usr/sbin/selinuxenabled"])
+ else:
+ # No selinuxenabled, no SELinux
+ return
+ except ipautil.CalledProcessError:
+ # selinuxenabled returns 1 if not enabled
+ return
+
+ if (os.path.exists(restorecon)):
+ ipautil.run([restorecon, filepath], raiseonerr=False)
+
+
+def check_selinux_status(restorecon='/sbin/restorecon'):
+ """
+ We don't have a specific package requirement for policycoreutils
+ which provides restorecon. This is because we don't require
+ SELinux on client installs. However if SELinux is enabled then
+ this package is required.
+
+ This function returns nothing but may raise a Runtime exception
+ if SELinux is enabled but restorecon is not available.
+ """
+ try:
+ if os.path.exists('/usr/sbin/selinuxenabled'):
+ ipautil.run(["/usr/sbin/selinuxenabled"])
+ else:
+ # No selinuxenabled, no SELinux
+ return
+ except ipautil.CalledProcessError:
+ # selinuxenabled returns 1 if not enabled
+ return
+
+ if not os.path.exists(restorecon):
+ raise RuntimeError('SELinux is enabled but %s does not exist.\n'
+ 'Install the policycoreutils package and start the '
+ 'installation again.' % restorecon)
|
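Review bot: The `selinuxenabled` probe (the `try`/`except ipautil.CalledProcessError` block) appears verbatim in both `restore_context` and `check_selinux_status`, and in both every `CalledProcessError` is read as "SELinux disabled", not only the exit status 1 that the comment mentions. Assuming `ipautil.run()` raises for any non-zero exit, a probe that fails for some other reason skips the relabel in one function and the missing-`restorecon` check in the other without leaving a trace. Moving the probe into one private helper keeps the two callers in agreement and gives that fail-open choice a single documented home; the helper below preserves the current behaviour. The `check_selinux_status` docstring could also name `RuntimeError` rather than "a Runtime exception".

```python
def _selinux_enabled():
    """Return True only when /usr/sbin/selinuxenabled exists and exits 0."""
    if not os.path.exists('/usr/sbin/selinuxenabled'):
        # No selinuxenabled, no SELinux
        return False
    try:
        ipautil.run(["/usr/sbin/selinuxenabled"])
    except ipautil.CalledProcessError:
        # Any non-zero exit is treated as "not enabled" (1 is the documented
        # value); callers then skip their SELinux-specific work.
        return False
    return True


def restore_context(filepath, restorecon='/sbin/restorecon'):
    # … unchanged: docstring …
    if not _selinux_enabled():
        return
    # … unchanged: restorecon existence check and run …


def check_selinux_status(restorecon='/sbin/restorecon'):
    # … unchanged: docstring …
    if not _selinux_enabled():
        return
    # … unchanged: RuntimeError when restorecon is missing …
```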