summaryrefslogtreecommitdiffstats
path: root/ipapython
diff options
context:
space:
mode:
authorPetr Viktorin <pviktori@redhat.com>2014-08-14 17:14:07 +0200
committerMartin Kosek <mkosek@redhat.com>2014-09-26 12:12:59 +0200
commitc7d6fea06f17ecceb3d7c6aae57cc7b9f4fe4c9f (patch)
tree798b417b9bdae065b932942645fdd5b221171404 /ipapython
parent757272a3f818e85e7f0b88060efbcd76d3a93f8b (diff)
downloadfreeipa-c7d6fea06f17ecceb3d7c6aae57cc7b9f4fe4c9f.tar.gz
freeipa-c7d6fea06f17ecceb3d7c6aae57cc7b9f4fe4c9f.tar.xz
freeipa-c7d6fea06f17ecceb3d7c6aae57cc7b9f4fe4c9f.zip
Move setting SELinux booleans to platform code
Create a platform task for setting SELinux booleans. Use an exception for the case when the booleans could not be set (since this is an error if not handled). Since ipaplatform should not depend on ipalib, create a new errors module in ipapython for SetseboolError. Handle uninstallation with the same task, which means the booleans are now restored with a single call to setsebool. Preparation for: https://fedorahosted.org/freeipa/ticket/4157 Fixes: https://fedorahosted.org/freeipa/ticket/2934 Fixes: https://fedorahosted.org/freeipa/ticket/2519 Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
Diffstat (limited to 'ipapython')
-rw-r--r--ipapython/errors.py47
1 files changed, 47 insertions, 0 deletions
diff --git a/ipapython/errors.py b/ipapython/errors.py
new file mode 100644
index 000000000..9fc28359c
--- /dev/null
+++ b/ipapython/errors.py
@@ -0,0 +1,47 @@
+# Authors: Petr Viktorin <pviktori@redhat.com>
+#
+# Copyright (C) 2014 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+
+class SetseboolError(StandardError):
+ """Raised when setting a SELinux boolean fails
+
+ :param failed: Dictionary mapping boolean names to intended values
+ to their intended values, for booleans that cound not be set
+ :param command: Command the user can run to set the booleans
+
+ The initializer arguments are copied to attributes of the same name.
+ """
+ def __init__(self, failed, command):
+ message = "Could not set SELinux booleans: %s" % ' '.join(
+ '%s=%s' % (name, value) for name, value in failed.items())
+ super(SetseboolError, self).__init__(message)
+ self.failed = failed
+ self.command = command
+
+ def format_service_warning(self, service_name):
+ """Format warning for display when this is raised from service install
+ """
+ return '\n'.join([
+ 'WARNING: %(err)s',
+ '',
+ 'The %(service)s may not function correctly until ',
+ 'the booleans are successfully changed with the command:',
+ ' %(cmd)s',
+ 'Try updating the policycoreutils and selinux-policy packages.'
+ ]) % {'err': self, 'service': service_name, 'cmd': self.command}