summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--base/deploy/src/scriptlets/pkihelper.py10
-rw-r--r--base/deploy/src/scriptlets/pkimessages.py3
-rw-r--r--base/deploy/src/scriptlets/selinux_setup.py14
3 files changed, 25 insertions, 2 deletions
diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py
index ea84f7d0b..48c5f84f0 100644
--- a/base/deploy/src/scriptlets/pkihelper.py
+++ b/base/deploy/src/scriptlets/pkihelper.py
@@ -36,7 +36,9 @@ from grp import getgrnam
from pwd import getpwnam
from pwd import getpwuid
import zipfile
-import seobject
+import selinux
+if selinux.is_selinux_enabled():
+ import seobject
# PKI Deployment Imports
@@ -760,6 +762,12 @@ class configuration_file:
if len(ports) == 0:
return
+ if not bool(selinux.is_selinux_enabled()):
+ config.pki_log.error(
+ log.PKIHELPER_SELINUX_DISABLED,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ return
+
portrecs = seobject.portRecords().get_all()
portlist = ports[:]
for port in portlist:
diff --git a/base/deploy/src/scriptlets/pkimessages.py b/base/deploy/src/scriptlets/pkimessages.py
index 5b1448f65..ade19422e 100644
--- a/base/deploy/src/scriptlets/pkimessages.py
+++ b/base/deploy/src/scriptlets/pkimessages.py
@@ -244,6 +244,7 @@ PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_3 =\
PKIHELPER_SECURITY_DOMAIN_UPDATE_SUCCESS_2 =\
"updateDomainXML SUCCESSFULLY deleted this '%s' entry from "\
"security domain '%s'"
+PKIHELPER_SELINUX_DISABLED = "Selinux is disabled. Not checking port contexts"
PKIHELPER_SET_MODE_1 = "setting ownerships, permissions, and acls on '%s'"
PKIHELPER_SLOT_SUBSTITUTION_2 = "slot substitution: '%s' ==> '%s'"
PKIHELPER_SSLGET_OUTPUT_1 = "\n"\
@@ -337,6 +338,8 @@ SECURITY_DATABASES_SPAWN_1 = "generating '%s'"
SELINUX_DESTROY_1 = "depopulating '%s'"
SELINUX_RESPAWN_1 = "repopulating '%s'"
SELINUX_SPAWN_1 = "populating '%s'"
+SELINUX_DISABLED_DESTROY_1 = "selinux disabled. skipping unlabelling '%s'"
+SELINUX_DISABLED_SPAWN_1 = "selinux disabled. skipping labelling '%s'"
SLOT_ASSIGNMENT_DESTROY_1 = "unassigning slots for '%s'"
SLOT_ASSIGNMENT_RESPAWN_1 = "reassigning slots for '%s'"
SLOT_ASSIGNMENT_SPAWN_1 = "assigning slots for '%s'"
diff --git a/base/deploy/src/scriptlets/selinux_setup.py b/base/deploy/src/scriptlets/selinux_setup.py
index 87e129f75..f3b7d1273 100644
--- a/base/deploy/src/scriptlets/selinux_setup.py
+++ b/base/deploy/src/scriptlets/selinux_setup.py
@@ -26,8 +26,10 @@ from pkiconfig import pki_selinux_config_ports as ports
import pkihelper as util
import pkimessages as log
import pkiscriptlet
-import seobject
import selinux
+if selinux.is_selinux_enabled():
+ import seobject
+
# PKI Deployment Selinux Setup Scriptlet
class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
@@ -45,6 +47,12 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
config.pki_log.info(log.SKIP_SELINUX_SPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
return self.rv
+
+ if not bool(selinux.is_selinux_enabled()):
+ config.pki_log.info(log.SELINUX_DISABLED_SPAWN_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
+ return self.rv
+
config.pki_log.info(log.SELINUX_SPAWN_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)
@@ -109,6 +117,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
return self.rv
def destroy(self):
+ if not bool(selinux.is_selinux_enabled()):
+ config.pki_log.info(log.SELINUX_DISABLED_DESTROY_1, __name__,
+ extra=config.PKI_INDENTATION_LEVEL_1)
+ return self.rv
config.pki_log.info(log.SELINUX_DESTROY_1, __name__,
extra=config.PKI_INDENTATION_LEVEL_1)