authorEndi Sukma Dewata <edewata@redhat.com>2012-09-04 13:40:37 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-09-12 12:39:05 -0500
commitedd986d94f173ea9f63f105eaf0039327bc6f2e9 (patch)
tree30ceb67ee163b1cff0b8a1f0a03ba42b325eb743
parent7c622a4e5714af8f83ce30022c970cc36c2ee597 (diff)
Fixed SELinux error during pkidestroy.
When removing a subsystem, pkidestroy would also remove the SELinux contexts for the instance, regardless of whether other subsystems still remained in the instance. The code has been fixed so that it removes the SELinux contexts only when deleting the last subsystem. Ticket #89
-rw-r--r--base/deploy/src/scriptlets/selinux_setup.py96
1 files changed, 68 insertions, 28 deletions
diff --git a/base/deploy/src/scriptlets/selinux_setup.py b/base/deploy/src/scriptlets/selinux_setup.py
index 38cc17f0a..58ec3ad4e 100644
--- a/base/deploy/src/scriptlets/selinux_setup.py
+++ b/base/deploy/src/scriptlets/selinux_setup.py
@@ -49,25 +49,44 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
self.restore_context()
return self.rv
- trans = seobject.semanageRecords("targeted")
- trans.start()
- if master['pki_instance_name'] != \
- config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME:
- fcon1 = seobject.fcontextRecords()
- fcon1.add(master['pki_instance_path'] + self.suffix,
+ # add SELinux contexts when adding the first subsystem
+ if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
+ util.instance.apache_instance_subsystems() == 1 or\
+ master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
+ util.instance.tomcat_instance_subsystems() == 1:
+
+ trans = seobject.semanageRecords("targeted")
+ trans.start()
+ if master['pki_instance_name'] != \
+ config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME:
+
+ fcon = seobject.fcontextRecords()
+
+ config.pki_log.info("adding selinux fcontext \"%s\"",
+ master['pki_instance_path'] + self.suffix,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ fcon.add(master['pki_instance_path'] + self.suffix,
config.PKI_INSTANCE_SELINUX_CONTEXT, "", "s0", "")
- fcon2 = seobject.fcontextRecords()
- fcon2.add(master['pki_instance_log_path'] + self.suffix,
+ config.pki_log.info("adding selinux fcontext \"%s\"",
+ master['pki_instance_log_path'] + self.suffix,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ fcon.add(master['pki_instance_log_path'] + self.suffix,
config.PKI_LOG_SELINUX_CONTEXT, "", "s0", "")
- fcon3 = seobject.fcontextRecords()
- fcon3.add(master['pki_instance_configuration_path'] + self.suffix,
+ config.pki_log.info("adding selinux fcontext \"%s\"",
+ master['pki_instance_configuration_path'] + self.suffix,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ fcon.add(master['pki_instance_configuration_path'] + self.suffix,
config.PKI_CFG_SELINUX_CONTEXT, "", "s0", "")
- for port in ports:
- port1 = seobject.portRecords()
- port1.add(port, "tcp", "s0", config.PKI_PORT_SELINUX_CONTEXT)
- trans.finish()
+
+ portRecords = seobject.portRecords()
+ for port in ports:
+ config.pki_log.info("adding selinux port %s", port,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ portRecords.add(port, "tcp", "s0", config.PKI_PORT_SELINUX_CONTEXT)
+
+ trans.finish()
self.restore_context()
return self.rv
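Review bot: The guard added at the top of this hunk ties the policy change to an exact count (`util.instance.apache_instance_subsystems() == 1` or `util.instance.tomcat_instance_subsystems() == 1`) and logs nothing when it is false, so a spawn that skipped labelling looks the same in the log as one that did it. If the count is taken before this subsystem is registered, or an earlier first spawn failed before `trans.finish()`, the fcontext and port records would never be added while `self.restore_context()` still runs; when the count is evaluated is not visible here and should be confirmed. I would add an `else:` branch such as `config.pki_log.info("selinux contexts already present, skipping", extra=config.PKI_INDENTATION_LEVEL_2)` and put parentheses around each `and` pair so the grouping does not depend on operator precedence. The second hunk uses the same guard shape with `== 0`, and the enclosing method starts outside this hunk.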
@@ -87,21 +106,42 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME:
return self.rv
- trans = seobject.semanageRecords("targeted")
- trans.start()
- if master['pki_instance_name'] != \
- config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME:
- fcon1 = seobject.fcontextRecords()
- fcon1.delete(master['pki_instance_path'] + self.suffix , "")
+ # remove SELinux contexts when removing the last subsystem
+ if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\
+ util.instance.apache_instance_subsystems() == 0 or\
+ master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\
+ util.instance.tomcat_instance_subsystems() == 0:
+
+ trans = seobject.semanageRecords("targeted")
+ trans.start()
- fcon2 = seobject.fcontextRecords()
- fcon2.delete(master['pki_instance_log_path'] + self.suffix, "")
+ if master['pki_instance_name'] != \
+ config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME:
- fcon3 = seobject.fcontextRecords()
- fcon3.delete(master['pki_instance_configuration_path'] + \
+ fcon = seobject.fcontextRecords()
+
+ config.pki_log.info("deleting selinux fcontext \"%s\"",
+ master['pki_instance_path'] + self.suffix,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ fcon.delete(master['pki_instance_path'] + self.suffix , "")
+
+ config.pki_log.info("deleting selinux fcontext \"%s\"",
+ master['pki_instance_log_path'] + self.suffix,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ fcon.delete(master['pki_instance_log_path'] + self.suffix, "")
+
+ config.pki_log.info("deleting selinux fcontext \"%s\"",
+ master['pki_instance_configuration_path'] + self.suffix,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ fcon.delete(master['pki_instance_configuration_path'] + \
self.suffix, "")
- for port in ports:
- port1 = seobject.portRecords()
- port1.delete(port, "tcp")
- trans.finish()
+
+ portRecords = seobject.portRecords()
+ for port in ports:
+ config.pki_log.info("deleting selinux port %s", port,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ portRecords.delete(port, "tcp")
+
+ trans.finish()
+
return self.rv
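Review bot: `trans.finish()` at the end of this hunk is reached only if every `fcon.delete(...)` and every `portRecords.delete(port, "tcp")` succeeds, so an exception from any one of them leaves the remaining records in place (seobject appears to raise when a record is not defined, which should be confirmed). Because removal now runs only once, when the last subsystem is destroyed, no later pkidestroy run would retry, and a stale port or file-context label for a removed instance would stay in the policy. Consider handling the failure per record by logging it and continuing with the rest. A comment above the guard should also state that the `== 0` count has to be evaluated after the subsystem itself has been removed. The method body starts outside this hunk.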