author | Endi Sukma Dewata <edewata@redhat.com> | 2012-09-04 13:40:37 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-09-12 12:39:05 -0500 |
commit | edd986d94f173ea9f63f105eaf0039327bc6f2e9 (patch) | |
tree | 30ceb67ee163b1cff0b8a1f0a03ba42b325eb743 | |
parent | 7c622a4e5714af8f83ce30022c970cc36c2ee597 (diff) | |
Fixed SELinux error during pkidestroy.
When removing a subsystem, pkidestroy would also remove the SELinux
contexts for the instance regardless of whether there were still other
subsystems in the instance. The code has been fixed so that it removes
the SELinux contexts only when deleting the last subsystem.
Ticket #89
-rw-r--r-- | base/deploy/src/scriptlets/selinux_setup.py | 96 |
1 files changed, 68 insertions, 28 deletions
diff --git a/base/deploy/src/scriptlets/selinux_setup.py b/base/deploy/src/scriptlets/selinux_setup.py
index 38cc17f0a..58ec3ad4e 100644
--- a/base/deploy/src/scriptlets/selinux_setup.py
+++ b/base/deploy/src/scriptlets/selinux_setup.py
@@ -49,25 +49,44 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): self.restore_context() return self.rv - trans = seobject.semanageRecords("targeted") - trans.start() - if master['pki_instance_name'] != \ - config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: - fcon1 = seobject.fcontextRecords() - fcon1.add(master['pki_instance_path'] + self.suffix, + # add SELinux contexts when adding the first subsystem + if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + util.instance.apache_instance_subsystems() == 1 or\ + master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + util.instance.tomcat_instance_subsystems() == 1: + + trans = seobject.semanageRecords("targeted") + trans.start() + if master['pki_instance_name'] != \ + config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: + + fcon = seobject.fcontextRecords() + + config.pki_log.info("adding selinux fcontext \"%s\"", + master['pki_instance_path'] + self.suffix, + extra=config.PKI_INDENTATION_LEVEL_2) + fcon.add(master['pki_instance_path'] + self.suffix, config.PKI_INSTANCE_SELINUX_CONTEXT, "", "s0", "") - fcon2 = seobject.fcontextRecords() - fcon2.add(master['pki_instance_log_path'] + self.suffix, + config.pki_log.info("adding selinux fcontext \"%s\"", + master['pki_instance_log_path'] + self.suffix, + extra=config.PKI_INDENTATION_LEVEL_2) + fcon.add(master['pki_instance_log_path'] + self.suffix, config.PKI_LOG_SELINUX_CONTEXT, "", "s0", "") - fcon3 = seobject.fcontextRecords() - fcon3.add(master['pki_instance_configuration_path'] + self.suffix, + config.pki_log.info("adding selinux fcontext \"%s\"", + master['pki_instance_configuration_path'] + self.suffix, + extra=config.PKI_INDENTATION_LEVEL_2) + fcon.add(master['pki_instance_configuration_path'] + self.suffix, config.PKI_CFG_SELINUX_CONTEXT, "", "s0", "") - for port in ports: - port1 = seobject.portRecords() - port1.add(port, "tcp", "s0", config.PKI_PORT_SELINUX_CONTEXT) - trans.finish() + + portRecords = seobject.portRecords() + for 
port in ports: + config.pki_log.info("adding selinux port %s", port, + extra=config.PKI_INDENTATION_LEVEL_2) + portRecords.add(port, "tcp", "s0", config.PKI_PORT_SELINUX_CONTEXT) + + trans.finish() self.restore_context() return self.rv 
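Review bot: Nothing between `trans.start()` and `trans.finish()` handles a failure from `fcon.add(...)` or `portRecords.add(...)`, so an exception there skips both `trans.finish()` and the `self.restore_context()` call that follows it. As far as I know seobject reports problems such as an already-defined record as `ValueError`, which looks plausible on a re-run after a partially failed deployment. I would wrap the add calls in a handler along the lines of `except ValueError as e: config.pki_log.error("%s", e, extra=config.PKI_INDENTATION_LEVEL_2)` and set the return value explicitly, rather than let the scriptlet abort mid-transaction. The delete calls in the destroy hunk have the same shape. The method starts above this hunk, so an outer handler may exist that is not visible here.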
@@ -87,21 +106,42 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: return self.rv - trans = seobject.semanageRecords("targeted") - trans.start() - if master['pki_instance_name'] != \ - config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: - fcon1 = seobject.fcontextRecords() - fcon1.delete(master['pki_instance_path'] + self.suffix , "") + # remove SELinux contexts when removing the last subsystem + if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + util.instance.apache_instance_subsystems() == 0 or\ + master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + util.instance.tomcat_instance_subsystems() == 0: + + trans = seobject.semanageRecords("targeted") + trans.start() - fcon2 = seobject.fcontextRecords() - fcon2.delete(master['pki_instance_log_path'] + self.suffix, "") + if master['pki_instance_name'] != \ + config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: - fcon3 = seobject.fcontextRecords() - fcon3.delete(master['pki_instance_configuration_path'] + \ + fcon = seobject.fcontextRecords() + + config.pki_log.info("deleting selinux fcontext \"%s\"", + master['pki_instance_path'] + self.suffix, + extra=config.PKI_INDENTATION_LEVEL_2) + fcon.delete(master['pki_instance_path'] + self.suffix , "") + + config.pki_log.info("deleting selinux fcontext \"%s\"", + master['pki_instance_log_path'] + self.suffix, + extra=config.PKI_INDENTATION_LEVEL_2) + fcon.delete(master['pki_instance_log_path'] + self.suffix, "") + + config.pki_log.info("deleting selinux fcontext \"%s\"", + master['pki_instance_configuration_path'] + self.suffix, + extra=config.PKI_INDENTATION_LEVEL_2) + fcon.delete(master['pki_instance_configuration_path'] + \ self.suffix, "") - for port in ports: - port1 = seobject.portRecords() - port1.delete(port, "tcp") - trans.finish() + + portRecords = seobject.portRecords() + for port in ports: + config.pki_log.info("deleting selinux port %s", port, + 
extra=config.PKI_INDENTATION_LEVEL_2) + portRecords.delete(port, "tcp") + + trans.finish() + return self.rv |
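Review bot: The `== 0` test only matches if the subsystem being destroyed is no longer counted by `apache_instance_subsystems()` / `tomcat_instance_subsystems()` when this scriptlet runs; if it is still counted, the last removal never matches and the fcontext rules and port labels stay in the policy with nothing in the log. Those helpers and the scriptlet ordering are outside the hunk, so a comment stating the dependency would help. An `else:` branch such as `config.pki_log.info("keeping selinux contexts, instance still has subsystems", extra=config.PKI_INDENTATION_LEVEL_2)` would make a skipped cleanup visible. The condition also relies on `and` binding tighter than `or`; parenthesizing the two pairs would make that explicit, here and in the spawn hunk.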