From c3fdb8ffc11938514d96760c9a62d619f90cbcca Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Tue, 18 Dec 2012 14:25:13 -0500 Subject: pkispawn modified to not relabel when selinux is disabled Ticket 393 --- base/deploy/src/scriptlets/pkihelper.py | 10 +++++++++- base/deploy/src/scriptlets/pkimessages.py | 3 +++ base/deploy/src/scriptlets/selinux_setup.py | 14 +++++++++++++- 3 files changed, 25 insertions(+), 2 deletions(-) diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py index ea84f7d0b..48c5f84f0 100644 --- a/base/deploy/src/scriptlets/pkihelper.py +++ b/base/deploy/src/scriptlets/pkihelper.py @@ -36,7 +36,9 @@ from grp import getgrnam from pwd import getpwnam from pwd import getpwuid import zipfile -import seobject +import selinux +if selinux.is_selinux_enabled(): + import seobject # PKI Deployment Imports @@ -760,6 +762,12 @@ class configuration_file: if len(ports) == 0: return + if not bool(selinux.is_selinux_enabled()): + config.pki_log.error( + log.PKIHELPER_SELINUX_DISABLED, + extra=config.PKI_INDENTATION_LEVEL_2) + return + portrecs = seobject.portRecords().get_all() portlist = ports[:] for port in portlist: diff --git a/base/deploy/src/scriptlets/pkimessages.py b/base/deploy/src/scriptlets/pkimessages.py index 5b1448f65..ade19422e 100644 --- a/base/deploy/src/scriptlets/pkimessages.py +++ b/base/deploy/src/scriptlets/pkimessages.py @@ -244,6 +244,7 @@ PKIHELPER_SECURITY_DOMAIN_UPDATE_FAILURE_3 =\ PKIHELPER_SECURITY_DOMAIN_UPDATE_SUCCESS_2 =\ "updateDomainXML SUCCESSFULLY deleted this '%s' entry from "\ "security domain '%s'" +PKIHELPER_SELINUX_DISABLED = "Selinux is disabled. Not checking port contexts" PKIHELPER_SET_MODE_1 = "setting ownerships, permissions, and acls on '%s'" PKIHELPER_SLOT_SUBSTITUTION_2 = "slot substitution: '%s' ==> '%s'" PKIHELPER_SSLGET_OUTPUT_1 = "\n"\ @@ -337,6 +338,8 @@ SECURITY_DATABASES_SPAWN_1 = "generating '%s'" SELINUX_DESTROY_1 = "depopulating '%s'" SELINUX_RESPAWN_1 = "repopulating '%s'" SELINUX_SPAWN_1 = "populating '%s'" +SELINUX_DISABLED_DESTROY_1 = "selinux disabled. skipping unlabelling '%s'" +SELINUX_DISABLED_SPAWN_1 = "selinux disabled. skipping labelling '%s'" SLOT_ASSIGNMENT_DESTROY_1 = "unassigning slots for '%s'" SLOT_ASSIGNMENT_RESPAWN_1 = "reassigning slots for '%s'" SLOT_ASSIGNMENT_SPAWN_1 = "assigning slots for '%s'" diff --git a/base/deploy/src/scriptlets/selinux_setup.py b/base/deploy/src/scriptlets/selinux_setup.py index 87e129f75..f3b7d1273 100644 --- a/base/deploy/src/scriptlets/selinux_setup.py +++ b/base/deploy/src/scriptlets/selinux_setup.py @@ -26,8 +26,10 @@ from pkiconfig import pki_selinux_config_ports as ports import pkihelper as util import pkimessages as log import pkiscriptlet -import seobject import selinux +if selinux.is_selinux_enabled(): + import seobject + # PKI Deployment Selinux Setup Scriptlet class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): @@ -45,6 +47,12 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.SKIP_SELINUX_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) return self.rv + + if not bool(selinux.is_selinux_enabled()): + config.pki_log.info(log.SELINUX_DISABLED_SPAWN_1, __name__, + extra=config.PKI_INDENTATION_LEVEL_1) + return self.rv + config.pki_log.info(log.SELINUX_SPAWN_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) @@ -109,6 +117,10 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): return self.rv def destroy(self): + if not bool(selinux.is_selinux_enabled()): + config.pki_log.info(log.SELINUX_DISABLED_DESTROY_1, __name__, + extra=config.PKI_INDENTATION_LEVEL_1) + return self.rv config.pki_log.info(log.SELINUX_DESTROY_1, __name__, extra=config.PKI_INDENTATION_LEVEL_1) -- cgit