From b1caef597abc30597255d6dc93479b0f99879f4e Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Thu, 8 Oct 2015 11:43:36 -0700 Subject: [PATCH] Ticket #48305 - perl module conditional test is not conditional when checking SELinux policies Description: If sestatus reports SELinux is disabled, SELinux commands such as semanage and restorecon fail. This patch checks the availability and only if the status says SELinux is enabled, it calls the SELinux commands. --- ldap/admin/src/scripts/DSCreate.pm.in | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in index cdde339..3ce5a73 100644 --- a/ldap/admin/src/scripts/DSCreate.pm.in +++ b/ldap/admin/src/scripts/DSCreate.pm.in @@ -956,9 +956,11 @@ sub setDefaults { sub updateSelinuxPolicy { my $inf = shift; + my $mydevnull = (-f "/dev/null" ? " /dev/null " : " NUL "); # if selinux is not available, do nothing - if ((getLogin() eq 'root') and "@with_selinux@") { + if ((getLogin() eq 'root') and "@with_selinux@" and + -f "@sbindir@/sestatus" and !system ("@sbindir@/sestatus | egrep -i \"selinux status:\\s*enabled\" > $mydevnull 2>&1")) { my $localstatedir = $inf->{slapd}->{localstatedir}; # run restorecon on all of the parent directories we @@ -1404,7 +1406,9 @@ sub removeDSInstance { } # remove the selinux label from the ports if needed - if ((getLogin() eq 'root') and "@with_selinux@") { + my $mydevnull = (-f "/dev/null" ? " /dev/null " : " NUL "); + if ((getLogin() eq 'root') and "@with_selinux@" and + -f "@sbindir@/sestatus" and !system ("@sbindir@/sestatus | egrep -i \"selinux status:\\s*enabled\" > $mydevnull 2>&1")) { foreach my $port (@{$entry->{"nsslapd-port"}}) { my $semanage_err; -- 1.9.3