Diffstat (limited to 'base/deploy/src/scriptlets/selinux_setup.py')
-rw-r--r-- | base/deploy/src/scriptlets/selinux_setup.py | 53 |
1 files changed, 27 insertions, 26 deletions
diff --git a/base/deploy/src/scriptlets/selinux_setup.py b/base/deploy/src/scriptlets/selinux_setup.py
index 56d03fd1d..be976cd18 100644
--- a/base/deploy/src/scriptlets/selinux_setup.py
+++ b/base/deploy/src/scriptlets/selinux_setup.py
@@ -21,6 +21,7 @@
 # PKI Deployment Imports
 import pkiconfig as config
+from pkiconfig import PKIConfig
 from pkiconfig import pki_master_dict as master
 from pkiconfig import pki_selinux_config_ports as ports
 import pkihelper as util
@@ -42,59 +43,59 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def spawn(self): if config.str2bool(master['pki_skip_installation']): config.pki_log.info(log.SKIP_SELINUX_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) return self.rv config.pki_log.info(log.SELINUX_SPAWN_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) # check first if any transactions are required if len(ports) == 0 and master['pki_instance_name'] == \ - config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: + PKIConfig.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: self.restore_context() return self.rv # add SELinux contexts when adding the first subsystem - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS and\ util.instance.apache_instance_subsystems() == 1 or\ - master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS and\ util.instance.tomcat_instance_subsystems() == 1: trans = seobject.semanageRecords("targeted") trans.start() if master['pki_instance_name'] != \ - config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: + PKIConfig.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: fcon = seobject.fcontextRecords() config.pki_log.info("adding selinux fcontext \"%s\"", master['pki_instance_path'] + self.suffix, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) fcon.add(master['pki_instance_path'] + self.suffix, - config.PKI_INSTANCE_SELINUX_CONTEXT, "", "s0", "") + PKIConfig.PKI_INSTANCE_SELINUX_CONTEXT, "", "s0", "") config.pki_log.info("adding selinux fcontext \"%s\"", master['pki_instance_log_path'] + self.suffix, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) fcon.add(master['pki_instance_log_path'] + self.suffix, - config.PKI_LOG_SELINUX_CONTEXT, "", "s0", "") + 
PKIConfig.PKI_LOG_SELINUX_CONTEXT, "", "s0", "") config.pki_log.info("adding selinux fcontext \"%s\"", master['pki_instance_configuration_path'] + self.suffix, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) fcon.add(master['pki_instance_configuration_path'] + self.suffix, - config.PKI_CFG_SELINUX_CONTEXT, "", "s0", "") + PKIConfig.PKI_CFG_SELINUX_CONTEXT, "", "s0", "") config.pki_log.info("adding selinux fcontext \"%s\"", master['pki_database_path'] + self.suffix, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) fcon.add(master['pki_database_path'] + self.suffix, - config.PKI_CERTDB_SELINUX_CONTEXT, "", "s0", "") + PKIConfig.PKI_CERTDB_SELINUX_CONTEXT, "", "s0", "") portRecords = seobject.portRecords() for port in ports: config.pki_log.info("adding selinux port %s", port, - extra=config.PKI_INDENTATION_LEVEL_2) - portRecords.add(port, "tcp", "s0", config.PKI_PORT_SELINUX_CONTEXT) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) + portRecords.add(port, "tcp", "s0", PKIConfig.PKI_PORT_SELINUX_CONTEXT) trans.finish() 
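Review bot: In `spawn()`, the `fcon.add(...)` and `portRecords.add(...)` calls between `trans.start()` and `trans.finish()` run with no visible `try`/`except`, so a failure on one record (seobject reports most errors as `ValueError`, for example a port that already carries a label) presumably propagates out before `trans.finish()` and the instance comes up without its intended SELinux file contexts and port labels. Indentation is lost on this page, so I cannot rule out a handler outside the hunk, but none appears in the lines shown. I would wrap the add calls so the failing path or port is logged and the deployment stops explicitly, e.g. `except ValueError as e:` followed by a `config.pki_log` message at `PKIConfig.PKI_INDENTATION_LEVEL_2` and `raise`. The same gap exists around `fcon.delete(...)` / `portRecords.delete(...)` in the `destroy()` hunk, where a failed delete would leave stale policy records behind; both function bodies may continue past `trans.finish()` outside their hunks.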
@@ -103,52 +104,52 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): def destroy(self): config.pki_log.info(log.SELINUX_DESTROY_1, __name__, - extra=config.PKI_INDENTATION_LEVEL_1) + extra=PKIConfig.PKI_INDENTATION_LEVEL_1) # check first if any transactions are required if len(ports) == 0 and master['pki_instance_name'] == \ - config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: + PKIConfig.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: return self.rv # remove SELinux contexts when removing the last subsystem - if master['pki_subsystem'] in config.PKI_APACHE_SUBSYSTEMS and\ + if master['pki_subsystem'] in PKIConfig.PKI_APACHE_SUBSYSTEMS and\ util.instance.apache_instance_subsystems() == 0 or\ - master['pki_subsystem'] in config.PKI_TOMCAT_SUBSYSTEMS and\ + master['pki_subsystem'] in PKIConfig.PKI_TOMCAT_SUBSYSTEMS and\ util.instance.tomcat_instance_subsystems() == 0: trans = seobject.semanageRecords("targeted") trans.start() if master['pki_instance_name'] != \ - config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: + PKIConfig.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME: fcon = seobject.fcontextRecords() config.pki_log.info("deleting selinux fcontext \"%s\"", master['pki_instance_path'] + self.suffix, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) fcon.delete(master['pki_instance_path'] + self.suffix , "") config.pki_log.info("deleting selinux fcontext \"%s\"", master['pki_instance_log_path'] + self.suffix, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) fcon.delete(master['pki_instance_log_path'] + self.suffix, "") config.pki_log.info("deleting selinux fcontext \"%s\"", master['pki_instance_configuration_path'] + self.suffix, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) fcon.delete(master['pki_instance_configuration_path'] + \ self.suffix, "") config.pki_log.info("deleting selinux fcontext \"%s\"", master['pki_database_path'] + self.suffix, - 
extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) fcon.delete(master['pki_database_path'] + self.suffix , "") portRecords = seobject.portRecords() for port in ports: config.pki_log.info("deleting selinux port %s", port, - extra=config.PKI_INDENTATION_LEVEL_2) + extra=PKIConfig.PKI_INDENTATION_LEVEL_2) portRecords.delete(port, "tcp") trans.finish() |
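Review bot: The condition that gates removal of the SELinux records in `destroy()` — `... in PKIConfig.PKI_APACHE_SUBSYSTEMS and ... == 0 or ... in PKIConfig.PKI_TOMCAT_SUBSYSTEMS and ... == 0` — depends on `and` binding tighter than `or` across four backslash-continued lines, which is easy to misread in code that decides whether policy is changed. Put each `subsystem in ... and ..._instance_subsystems() == 0` pair in its own parentheses and enclose the whole test in one outer pair, so the backslashes (including the `and\` / `or\` with no space before them) can go. The `spawn()` hunk has the same construction with `== 1`.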