-rw-r--r-- | contrib/fedora/ipsilon.spec | 9 | ||||
-rwxr-xr-x | ipsilon/install/ipsilon-server-install | 5 | ||||
-rwxr-xr-x | ipsilon/login/authpam.py | 9 |
3 files changed, 23 insertions, 0 deletions
diff --git a/contrib/fedora/ipsilon.spec b/contrib/fedora/ipsilon.spec
index 08f2c70..f86e4de 100644
--- a/contrib/fedora/ipsilon.spec
+++ b/contrib/fedora/ipsilon.spec
@@ -62,6 +62,15 @@ getent passwd ipsilon >/dev/null || \
 -c "Ipsilon Server" ipsilon
 exit 0
+%post
+semanage fcontext -a -t httpd_var_lib_t '%{_sharedstatedir}/ipsilon(/.*)?' 2>/dev/null || :
+semanage fcontext -a -t var_lib_t '%{_sharedstatedir}/ipsilon(/.*)/*.conf' 2>/dev/null || :
+restorecon -R %{_sharedstatedir}/ipsilon || :
+
+%postun
+semanage fcontext -d -t var_lib_t '%{_sharedstatedir}/ipsilon(/.*)/*.conf' 2>/dev/null || :
+semanage fcontext -d -t httpd_var_lib_t '%{_sharedstatedir}/ipsilon(/.*)?' 2>/dev/null || :
+
 %files
 %doc COPYING
 %{python2_sitelib}/ipsilon-*.egg-info
diff --git a/ipsilon/install/ipsilon-server-install b/ipsilon/install/ipsilon-server-install
index b5a6371..d9e4585 100755
--- a/ipsilon/install/ipsilon-server-install
+++ b/ipsilon/install/ipsilon-server-install
@@ -28,6 +28,7 @@ import os
 import pwd
 import shutil
 import socket
+import subprocess
 import sys
 import time
@@ -137,6 +138,10 @@ def install(plugins, args):
 # Fixup permissions so only the ipsilon user can read these files
 files.fix_user_dirs(instance_conf, opts['system_user'], mode=0500)
 files.fix_user_dirs(args['data_dir'], opts['system_user'])
+ try:
+ subprocess.call(['/usr/sbin/restorecon', '-R', args['data_dir']])
+ except Exception: # pylint: disable=broad-except
+ pass
 def uninstall(plugins, args):
 logger.info('Uninstallation initiated')
diff --git a/ipsilon/login/authpam.py b/ipsilon/login/authpam.py
index db409f7..14ebae4 100755
--- a/ipsilon/login/authpam.py
+++ b/ipsilon/login/authpam.py
@@ -22,6 +22,7 @@ from ipsilon.login.common import FACILITY
 from ipsilon.util.plugin import PluginObject
 import cherrypy
 import pam
+import subprocess
 class Pam(LoginPageBase): 
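Review bot: In contrib/fedora/ipsilon.spec the new `%postun` scriptlet is not guarded by the package count, so on an upgrade the outgoing package's `%postun` runs after the incoming package's `%post` and deletes the file-context rules that `%post` has just added. Wrap the two `semanage fcontext -d` lines in `if [ $1 -eq 0 ]; then … fi` so they run only on final removal. Separately, `semanage fcontext` takes a regular expression, not a glob, so `(/.*)/*.conf` reads as "zero or more slashes, any one character, then conf" and matches more than `*.conf` files; `(/.*)?/[^/]*\.conf` appears to be the intent. Every line also ends in `2>/dev/null || :`, so a failed labelling step leaves the data directory mislabelled with no trace, which deserves at least a comment in the spec.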
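Review bot: In ipsilon/install/ipsilon-server-install the restorecon call added to `install()` discards every failure signal: `subprocess.call` returns the exit status instead of raising, so a non-zero restorecon is dropped, and `except Exception: pass` hides a missing binary as well. The data directory can then keep a wrong SELinux label with nothing in the install log to show it. Check the return code, narrow the handler to `OSError`, and log both cases through the module's `logger`, as in the excerpt below. The setsebool call added to `Installer` in ipsilon/login/authpam.py has the same shape, and its comment promises a report that the code never makes. `install()` starts above the hunk.

```python
    files.fix_user_dirs(args['data_dir'], opts['system_user'])
    # Relabel the data dir; a failure is not fatal but must be visible.
    try:
        ret = subprocess.call(['/usr/sbin/restorecon', '-R',
                               args['data_dir']])
        if ret != 0:
            logger.warning('restorecon exited with status %d', ret)
    except OSError as e:
        logger.warning('Could not run restorecon: %s', e)
```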
@@ -185,3 +186,11 @@ class Installer(object):
 globalconf['order'] = ','.join(order)
 po.set_config(globalconf)
 po.save_plugin_config(FACILITY)
+
+ # for selinux enabled platfroms, ignore if it fails just report
+ try:
+ subprocess.call(['/usr/sbin/setsebool', '-P',
+ 'httpd_mod_auth_pam=on',
+ 'httpd_tmp_t=on'])
+ except Exception: # pylint: disable=broad-except
+ pass |
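Review bot: `httpd_tmp_t` in the setsebool argument list looks like an SELinux type name rather than a boolean; if setsebool rejects the request because of an unknown name, `httpd_mod_auth_pam=on` may never be applied, and the swallowed result means nobody would see that. Confirm both names with `getsebool -a` on a target system before relying on this call. The `-P` flag also makes a persistent, host-wide policy change as a side effect of configuring one login plugin, so a comment saying so would help whoever audits the host later, e.g. `# Persistently lets httpd use PAM; this changes host-wide SELinux policy`. The `Installer` method this belongs to starts above the hunk.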