From e9ed7f7ca1948c1eded115f215b914987b79cea7 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Wed, 22 Feb 2012 23:01:17 -0500
Subject: Don't run restorecon if SELinux is disabled or not present.

Also check for the existence of restorecon. This may be overkill but
it will prevent a client installation from failing for no good reason.

https://fedorahosted.org/freeipa/ticket/2368
---
 ipapython/platform/redhat.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'ipapython')

diff --git a/ipapython/platform/redhat.py b/ipapython/platform/redhat.py
index aee8bcc3d..bd79a5312 100644
--- a/ipapython/platform/redhat.py
+++ b/ipapython/platform/redhat.py
@@ -140,7 +140,18 @@ def restore_context(filepath):
 
     ipautil.run() will do the logging.
     """
-    ipautil.run(["/sbin/restorecon", filepath], raiseonerr=False)
+    try:
+        if (os.path.exists('/usr/sbin/selinuxenabled')):
+            ipautil.run(["/usr/sbin/selinuxenabled"])
+        else:
+            # No selinuxenabled, no SELinux
+            return
+    except ipautil.CalledProcessError:
+        # selinuxenabled returns 1 if not enabled
+        return
+
+    if (os.path.exists('/sbin/restorecon')):
+        ipautil.run(["/sbin/restorecon", filepath], raiseonerr=False)
 
 def backup_and_replace_hostname(fstore, statestore, hostname):
     old_hostname = socket.gethostname()
-- 
cgit