authorAde Lee <alee@redhat.com>2012-07-10 11:50:59 -0400
committerAde Lee <alee@redhat.com>2012-07-25 01:48:48 -0400
commit5fd74e0e0c9407306e99ef4fd2e776cb911ee94a (patch)
tree7b4c9b87431bfc59c558921df8cb02bbd31a03ba /base/deploy/src/scriptlets/pkihelper.py
parent7168edccfcdb769ead6d5cbc02f7fab9772e1a82 (diff)
Selinux policy for new configuration.
Added tomcat_t for Java processes. Added aliases for old types to allow compatibility with existing subsystems. Added install scripts for pkispawn and pkidestroy.
Diffstat (limited to 'base/deploy/src/scriptlets/pkihelper.py')
-rw-r--r--base/deploy/src/scriptlets/pkihelper.py52
1 files changed, 52 insertions, 0 deletions
diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py
index 7de6502a2..1ceb65898 100644
--- a/base/deploy/src/scriptlets/pkihelper.py
+++ b/base/deploy/src/scriptlets/pkihelper.py
@@ -35,6 +35,7 @@ from grp import getgrnam
from pwd import getpwnam
from pwd import getpwuid
import zipfile
+import seobject
# PKI Deployment Imports
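Review bot: The unconditional module-level `import seobject` makes every import of pkihelper depend on the SELinux management bindings, although only verify_selinux_ports uses them in this commit. If deployment on hosts without those bindings is meant to work, move the import into verify_selinux_ports or wrap it in `try: import seobject` / `except ImportError:` and report the missing dependency through `config.pki_log.error`. Whether such hosts are supported is not visible from this hunk.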
@@ -42,6 +43,7 @@ import pkiconfig as config
from pkiconfig import pki_master_dict as master
from pkiconfig import pki_sensitive_dict as sensitive
from pkiconfig import pki_slots_dict as slots
+from pkiconfig import pki_selinux_config_ports as ports
import pkimanifest as manifest
import pkimessages as log
@@ -403,6 +405,56 @@ class configuration_file:
extra=config.PKI_INDENTATION_LEVEL_2)
sys.exit(1)
+ def populate_non_default_ports(self):
+ if master['pki_http_port'] != \
+ config.PKI_DEPLOYMENT_DEFAULT_HTTP_PORT:
+ ports.append(master['pki_http_port'])
+ if master['pki_https_port'] != \
+ config.PKI_DEPLOYMENT_DEFAULT_HTTPS_PORT:
+ ports.append(master['pki_https_port'])
+ if master['pki_tomcat_server_port'] != \
+ config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT:
+ ports.append(master['pki_tomcat_server_port'])
+ if master['pki_ajp_port'] != \
+ config.PKI_DEPLOYMENT_DEFAULT_AJP_PORT:
+ ports.append(master['pki_ajp_port'])
+ return
+
+ def verify_selinux_ports(self):
+ # Determine which ports still need to be labelled, and if any are
+ # incorrectly labelled
+ if len(ports) == 0:
+ return
+
+ portrecs = seobject.portRecords().get_all()
+ portlist = ports[:]
+ for port in portlist:
+ context = ""
+ for i in portrecs:
+ if portrecs[i][0] == "unreserved_port_t" or \
+ portrecs[i][0] == "reserved_port_t" or \
+ i[2] != "tcp":
+ continue
+ if i[0] <= int(port) and int(port) <= i[1]:
+ context = portrecs[i][0]
+ break
+ if context == "":
+ # port has no current context
+ # leave it in list of ports to set
+ continue
+ elif context == config.PKI_PORT_SELINUX_CONTEXT:
+ # port is already set correctly
+ # remove from list of ports to set
+ ports.remove(port)
+ else:
+ config.pki_log.error(
+ log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT,
+ port, context,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ sys.exit(1)
+ return
+
+
# PKI Deployment XML File Class
#class xml_file:
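Review bot: In verify_selinux_ports the inner loop stops at the first record whose range covers the port, but `portrecs` appears to be a dict keyed by (low, high, proto), so when two non-generic records overlap, the context compared against `config.PKI_PORT_SELINUX_CONTEXT` depends on iteration order. Only `unreserved_port_t` and `reserved_port_t` are skipped as generic, so any other broad range covering the port either aborts the deployment or hides a more specific label. Consider dropping the `break` and keeping the match with the smallest `i[1] - i[0]`, after confirming that this matches how the effective label is chosen. Separately, `int(port)` is evaluated on a configuration value inside the inner loop; hoisting `port_num = int(port)` above it, inside a `try` that logs and exits on `ValueError`, would put a malformed port on the same logged error path as a context mismatch. Both new methods also lack docstrings stating that they mutate the shared `ports` list imported from pkiconfig, which means a second call to populate_non_default_ports would append duplicates.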