From d7b1c99abd516b54e302acb775c9e01295fc616a Mon Sep 17 00:00:00 2001 From: Nathan Kinder Date: Thu, 15 Oct 2009 09:31:52 -0700 Subject: Expose dirsrv SELinux policy interface. This adds a number of interface macros to the dirsrv SELinux policy module. These macros are intended for use by the Administration Server SELinux policy that is currently being developed. I also made some changes to the setup code that labels newly created directories. When the first instance is created, some top-level directories are created that were not being labeled properly. --- ldap/admin/src/scripts/DSCreate.pm.in | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'ldap/admin/src/scripts') diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in index 96930dfd..43fd1d9d 100644 --- a/ldap/admin/src/scripts/DSCreate.pm.in +++ b/ldap/admin/src/scripts/DSCreate.pm.in @@ -903,7 +903,21 @@ sub updateSelinuxPolicy { # if selinux is not available, do nothing if ("@with_selinux@") { - # run restorecon on all directories we created + my $localstatedir = $inf->{slapd}->{localstatedir}; + + # run restorecon on all of the parent directories we + # may have created (this only happens if this is the + # first instance created). + if ("@with_fhs_opt@") { + system("restorecon -R $localstatedir/@PACKAGE_NAME@"); + } else { + system("restorecon -R $localstatedir/lock/@PACKAGE_NAME@"); + system("restorecon -R $localstatedir/log/@PACKAGE_NAME@"); + system("restorecon -R $localstatedir/run/@PACKAGE_NAME@"); + system("restorecon -R $localstatedir/lib/@PACKAGE_NAME@"); + } + + # run restorecon on all instance directories we created for my $kw (qw(inst_dir config_dir schema_dir log_dir lock_dir run_dir tmp_dir cert_dir db_dir ldif_dir bak_dir)) { my $dir = $inf->{slapd}->{$kw}; -- cgit