diff options
author | Ade Lee <alee@redhat.com> | 2012-12-18 14:25:13 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-12-19 00:05:38 -0500 |
commit | c3fdb8ffc11938514d96760c9a62d619f90cbcca (patch) | |
tree | 7266ac55f7a8d0dbe1eec283693fb2a4f033b86e /base/deploy | |
parent | 33edf556a456ef329cb1eae1b539b8fdd3a50b22 (diff) | |
download | pki-c3fdb8ffc11938514d96760c9a62d619f90cbcca.tar.gz pki-c3fdb8ffc11938514d96760c9a62d619f90cbcca.tar.xz pki-c3fdb8ffc11938514d96760c9a62d619f90cbcca.zip |
pkispawn modified to not relabel when selinux is disabled
Ticket 393
Diffstat (limited to 'base/deploy')
-rw-r--r-- | base/deploy/src/scriptlets/pkihelper.py | 10 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/pkimessages.py | 3 | ||||
-rw-r--r-- | base/deploy/src/scriptlets/selinux_setup.py | 14 |
3 files changed, 25 insertions, 2 deletions
diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py index ea84f7d0b..48c5f84f0 100644 --- a/base/deploy/src/scriptlets/pkihelper.py +++ b/base/deploy/src/scriptlets/pkihelper.py @@ -36,7 +36,9 @@ from grp import getgrnam from pwd import getpwnam from pwd import getpwuid import zipfile -import seobject +import selinux +if selinux.is_selinux_enabled(): + import seobject # PKI Deployment Imports @@ -760,6 +762,12 @@ class configuration_file: if len(ports) == 0: return + if not bool(selinux.is_selinux_enabled()): + config.pki_log.error( + log.PKIHELPER_SELINUX_DISABLED, + extra=config.PKI_INDENTATION_LEVEL_2) + return + portrecs = seobject.portRecords().get_all() portlist = ports[:] for port in portlist: diff --git a/base/deploy/src/scriptlets/pkimessages.py b/base/deploy/src/scriptlets/pkimessages.py index 5b1448f65..ade19422e 100644 --- a/base/deploy/src/scriptlets/pkimessages.py +++ b/base/deploy/src/scriptlets/pkimessages.py @@ -244,6 +244,7 @@ PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_3 =\ PKIHELPER_SECURITY_DOMAIN_UPDATE_SUCCESS_2 =\ "updateDomainXML SUCCESSFULLY deleted this '%s' entry from "\ "security domain '%s'" +PKIHELPER_SELINUX_DISABLED = "Selinux is disabled. Not checking port contexts" PKIHELPER_SET_MODE_1 = "setting ownerships, permissions, and acls on '%s'" PKIHELPER_SLOT_SUBSTITUTION_2 = "slot substitution: '%s' ==> '%s'" PKIHELPER_SSLGET_OUTPUT_1 = "\n"\ @@ -337,6 +338,8 @@ SECURITY_DATABASES_SPAWN_1 = "generating '%s'" SELINUX_DESTROY_1 = "depopulating '%s'" SELINUX_RESPAWN_1 = "repopulating '%s'" SELINUX_SPAWN_1 = "populating '%s'" +SELINUX_DISABLED_DESTROY_1 = "selinux disabled. skipping unlabelling '%s'" +SELINUX_DISABLED_SPAWN_1 = "selinux disabled. skipping labelling '%s'" SLOT_ASSIGNMENT_DESTROY_1 = "unassigning slots for '%s'" SLOT_ASSIGNMENT_RESPAWN_1 = "reassigning slots for '%s'" SLOT_ASSIGNMENT_SPAWN_1 = "assigning slots for '%s'" diff --git a/base/deploy/src/scriptlets/selinux_setup.py b/base/deploy/src/scriptlets/selinux_setup.py index 87e129f75..f3b7d1273 100644 --- a/base/deploy/src/scriptlets/selinux_setup.py +++ b/base/deploy/src/scriptlets/selinux_setup.py @@ -26,8 +26,10 @@ from pkiconfig import pki_selinux_config_ports as ports import pkihelper as util import pkimessages as log import pkiscriptlet -import seobject import selinux +if selinux.is_selinux_enabled(): + import seobject + # PKI Deployment Selinux Setup Scriptlet class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): @@ -45,6 +47,12 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.SKIP_SELINUX_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv + + if not bool(selinux.is_selinux_enabled()): + config.pki_log.info(log.SELINUX_DISABLED_SPAWN_1, __name__, + extra=config.PKI_INDENTATION_LEVEL_1) + return self.rv + config.pki_log.info(log.SELINUX_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) @@ -109,6 +117,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): return self.rv def destroy(self): + if not bool(selinux.is_selinux_enabled()): + config.pki_log.info(log.SELINUX_DISABLED_DESTROY_1, __name__, + extra=config.PKI_INDENTATION_LEVEL_1) + return self.rv config.pki_log.info(log.SELINUX_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) |