httpd: move SELinux settings to constants

SELinux is platform dependend, moving boolean setting to platform module. Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2024-12-23 07:33:27 -06:00 · 2017-05-18 17:19:23 +02:00 · 2017-05-18 17:19:23 +02:00 · 1a6de32c9e
commit 1a6de32c9e
parent 9c3fad9cef
3 changed files with 9 additions and 10 deletions
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@ -27,4 +27,10 @@ class BaseConstantsNamespace(object):
    ODS_GROUP = "ods"
    # nfsd init variable used to enable kerberized NFS
    SECURE_NFS_VAR = "SECURE_NFS"
+    SELINUX_BOOLEAN_HTTPD = {
+        'httpd_can_network_connect': 'on',
+        'httpd_manage_ipa': 'on',
+        'httpd_run_ipa': 'on',
+        'httpd_dbus_sssd': 'on',
+    }
    SSSD_USER = "sssd"
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@ -50,13 +50,6 @@ from ipaplatform.tasks import tasks
 from ipaplatform.paths import paths
 from ipaplatform import services

-SELINUX_BOOLEAN_SETTINGS = dict(
-    httpd_can_network_connect='on',
-    httpd_manage_ipa='on',
-    httpd_run_ipa='on',
-    httpd_dbus_sssd='on',
-)
-
 HTTPD_USER = constants.HTTPD_USER
 KDCPROXY_USER = constants.KDCPROXY_USER

@ -193,7 +186,7 @@ class HTTPInstance(service.Service):

    def configure_selinux_for_httpd(self):
        try:
-            tasks.set_selinux_booleans(SELINUX_BOOLEAN_SETTINGS,
+            tasks.set_selinux_booleans(constants.SELINUX_BOOLEAN_HTTPD,
                                       self.backup_state)
        except ipapython.errors.SetseboolError as e:
            self.print_msg(e.format_service_warning('web interface'))
@ -556,7 +549,7 @@ class HTTPInstance(service.Service):

        # Restore SELinux boolean states
        boolean_states = {name: self.restore_state(name)
-                          for name in SELINUX_BOOLEAN_SETTINGS}
+                          for name in constants.SELINUX_BOOLEAN_HTTPD}
        try:
            tasks.set_selinux_booleans(boolean_states)
        except ipapython.errors.SetseboolError as e:
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@ -796,7 +796,7 @@ class Restore(admintool.AdminTool):
                self.log.error('Problem with %s: %s' % (dir, e))

    def restore_selinux_booleans(self):
-        bools = dict(httpinstance.SELINUX_BOOLEAN_SETTINGS)
+        bools = dict(constants.SELINUX_BOOLEAN_HTTPD)
        if 'ADTRUST' in self.backup_services:
            if adtrustinstance:
                bools.update(adtrustinstance.SELINUX_BOOLEAN_SETTINGS)