set SELinux boolean httpd_can_connect_ldap when install infolap and authldaphttpd_avc

Signed-off-by: John Dennis <jdennis@redhat.com>
author: John Dennis <jdennis@redhat.com> 2015-01-26 17:11:03 -0500
committer: John Dennis <jdennis@redhat.com> 2015-01-26 17:51:03 -0500
commit: cbeb708c20514c79c19ed37e48b6f9be28019aac (patch)
tree: 2c0e0f63d0bb1a231eb22577d18e9a88b451926d /ipsilon/info/infoldap.py
parent: 9f8b66c72a015050f20a5d789a5f997b0f4ce925 (diff)
download: ipsilon-httpd_avc.tar.gz
ipsilon-httpd_avc.tar.xz
ipsilon-httpd_avc.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/ipsilon/info/infoldap.py b/ipsilon/info/infoldap.py
index 6ba5b0d..498d433 100644
--- a/ipsilon/info/infoldap.py
+++ b/ipsilon/info/infoldap.py
@@ -8,6 +8,7 @@ from ipsilon.info.common import InfoMapping
 from ipsilon.util.plugin import PluginObject
 from ipsilon.util import config as pconfig
 import ldap
+import subprocess
 
 
 # TODO: fetch mapping from configuration
@@ -197,3 +198,11 @@ class Installer(InfoProviderInstaller):
         # Update global config to add login plugin
         po.is_enabled = True
         po.save_enabled_state()
+
+        # For selinux enabled platforms permit httpd to connect to ldap,
+        # ignore if it fails
+        try:
+            subprocess.call(['/usr/sbin/setsebool', '-P',
+                             'httpd_can_connect_ldap=on'])
+        except Exception:  # pylint: disable=broad-except
+            pass
author	John Dennis <jdennis@redhat.com>	2015-01-26 17:11:03 -0500
committer	John Dennis <jdennis@redhat.com>	2015-01-26 17:51:03 -0500
commit	cbeb708c20514c79c19ed37e48b6f9be28019aac (patch)
tree	2c0e0f63d0bb1a231eb22577d18e9a88b451926d /ipsilon/info/infoldap.py
parent	9f8b66c72a015050f20a5d789a5f997b0f4ce925 (diff)
download	ipsilon-httpd_avc.tar.gz ipsilon-httpd_avc.tar.xz ipsilon-httpd_avc.zip