From 5fd74e0e0c9407306e99ef4fd2e776cb911ee94a Mon Sep 17 00:00:00 2001
From: Ade Lee
Date: Tue, 10 Jul 2012 11:50:59 -0400
Subject: Selinux policy for new configuration. Added tomcat_t for java processes. Added aliases for old types to allow compatibility of existng subsystems. Added install scripts for pkispawn and pkidestroy
---
 base/deploy/src/scriptlets/pkihelper.py | 52 +++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 (limited to 'base/deploy/src/scriptlets/pkihelper.py')
diff --git a/base/deploy/src/scriptlets/pkihelper.py b/base/deploy/src/scriptlets/pkihelper.py
index 7de6502a2..1ceb65898 100644
--- a/base/deploy/src/scriptlets/pkihelper.py
+++ b/base/deploy/src/scriptlets/pkihelper.py
@@ -35,6 +35,7 @@ from grp import getgrnam
 from pwd import getpwnam
 from pwd import getpwuid
 import zipfile
+import seobject
 # PKI Deployment Imports
@@ -42,6 +43,7 @@ import pkiconfig as config
 from pkiconfig import pki_master_dict as master
 from pkiconfig import pki_sensitive_dict as sensitive
 from pkiconfig import pki_slots_dict as slots
+from pkiconfig import pki_selinux_config_ports as ports
 import pkimanifest as manifest
 import pkimessages as log
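Review bot: The `import seobject` added in the first hunk is unconditional, so every consumer of pkihelper now fails at import time on a host where the SELinux Python bindings are not installed, even when no port labelling is requested. Whether packaging guarantees that dependency is not visible in this patch. If it does not, move the import into `verify_selinux_ports`, or guard it with `try: import seobject` / `except ImportError:` and skip the port check with a logged message.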
@@ -403,6 +405,56 @@ class configuration_file:
 extra=config.PKI_INDENTATION_LEVEL_2)
 sys.exit(1)
+ def populate_non_default_ports(self):
+ if master['pki_http_port'] != \
+ config.PKI_DEPLOYMENT_DEFAULT_HTTP_PORT:
+ ports.append(master['pki_http_port'])
+ if master['pki_https_port'] != \
+ config.PKI_DEPLOYMENT_DEFAULT_HTTPS_PORT:
+ ports.append(master['pki_https_port'])
+ if master['pki_tomcat_server_port'] != \
+ config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_SERVER_PORT:
+ ports.append(master['pki_tomcat_server_port'])
+ if master['pki_ajp_port'] != \
+ config.PKI_DEPLOYMENT_DEFAULT_AJP_PORT:
+ ports.append(master['pki_ajp_port'])
+ return
+
+ def verify_selinux_ports(self):
+ # Determine which ports still need to be labelled, and if any are
+ # incorrectly labelled
+ if len(ports) == 0:
+ return
+
+ portrecs = seobject.portRecords().get_all()
+ portlist = ports[:]
+ for port in portlist:
+ context = ""
+ for i in portrecs:
+ if portrecs[i][0] == "unreserved_port_t" or \
+ portrecs[i][0] == "reserved_port_t" or \
+ i[2] != "tcp":
+ continue
+ if i[0] <= int(port) and int(port) <= i[1]:
+ context = portrecs[i][0]
+ break
+ if context == "":
+ # port has no current context
+ # leave it in list of ports to set
+ continue
+ elif context == config.PKI_PORT_SELINUX_CONTEXT:
+ # port is already set correctly
+ # remove from list of ports to set
+ ports.remove(port)
+ else:
+ config.pki_log.error(
+ log.PKIHELPER_INVALID_SELINUX_CONTEXT_FOR_PORT,
+ port, context,
+ extra=config.PKI_INDENTATION_LEVEL_2)
+ sys.exit(1)
+ return
+
+
 # PKI Deployment XML File Class
 #class xml_file:
-- cgit
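Review bot: In `verify_selinux_ports` the inner loop stops at the first record whose range covers the port, and `portrecs` is walked in whatever order the mapping yields, so when more than one record covers a port the context that decides between relabel, skip and abort is not deterministic. Only `unreserved_port_t` and `reserved_port_t` are skipped by name, so any other wide range label in the policy would reach the error branch or mask a more specific label. Iterate in a defined order, for example `for i in sorted(portrecs, key=lambda r: r[1] - r[0]):`, so the narrowest range wins. `int(port)` is also applied to a configuration value with no handling, so a non-numeric port ends in an uncaught ValueError rather than the logged error and `sys.exit(1)` used in the else branch; convert once before the inner loop inside a `try`. Neither new method has a docstring saying that it mutates the shared `ports` list imported from pkiconfig.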