httpd: move SELinux settings to constants

SELinux is platform dependend, moving boolean setting to platform module.

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
This commit is contained in:
Martin Basti 2017-05-18 17:19:23 +02:00 committed by Martin Babinsky
parent 9c3fad9cef
commit 1a6de32c9e
3 changed files with 9 additions and 10 deletions

View File

@ -27,4 +27,10 @@ class BaseConstantsNamespace(object):
ODS_GROUP = "ods" ODS_GROUP = "ods"
# nfsd init variable used to enable kerberized NFS # nfsd init variable used to enable kerberized NFS
SECURE_NFS_VAR = "SECURE_NFS" SECURE_NFS_VAR = "SECURE_NFS"
SELINUX_BOOLEAN_HTTPD = {
'httpd_can_network_connect': 'on',
'httpd_manage_ipa': 'on',
'httpd_run_ipa': 'on',
'httpd_dbus_sssd': 'on',
}
SSSD_USER = "sssd" SSSD_USER = "sssd"

View File

@ -50,13 +50,6 @@ from ipaplatform.tasks import tasks
from ipaplatform.paths import paths from ipaplatform.paths import paths
from ipaplatform import services from ipaplatform import services
SELINUX_BOOLEAN_SETTINGS = dict(
httpd_can_network_connect='on',
httpd_manage_ipa='on',
httpd_run_ipa='on',
httpd_dbus_sssd='on',
)
HTTPD_USER = constants.HTTPD_USER HTTPD_USER = constants.HTTPD_USER
KDCPROXY_USER = constants.KDCPROXY_USER KDCPROXY_USER = constants.KDCPROXY_USER
@ -193,7 +186,7 @@ class HTTPInstance(service.Service):
def configure_selinux_for_httpd(self): def configure_selinux_for_httpd(self):
try: try:
tasks.set_selinux_booleans(SELINUX_BOOLEAN_SETTINGS, tasks.set_selinux_booleans(constants.SELINUX_BOOLEAN_HTTPD,
self.backup_state) self.backup_state)
except ipapython.errors.SetseboolError as e: except ipapython.errors.SetseboolError as e:
self.print_msg(e.format_service_warning('web interface')) self.print_msg(e.format_service_warning('web interface'))
@ -556,7 +549,7 @@ class HTTPInstance(service.Service):
# Restore SELinux boolean states # Restore SELinux boolean states
boolean_states = {name: self.restore_state(name) boolean_states = {name: self.restore_state(name)
for name in SELINUX_BOOLEAN_SETTINGS} for name in constants.SELINUX_BOOLEAN_HTTPD}
try: try:
tasks.set_selinux_booleans(boolean_states) tasks.set_selinux_booleans(boolean_states)
except ipapython.errors.SetseboolError as e: except ipapython.errors.SetseboolError as e:

View File

@ -796,7 +796,7 @@ class Restore(admintool.AdminTool):
self.log.error('Problem with %s: %s' % (dir, e)) self.log.error('Problem with %s: %s' % (dir, e))
def restore_selinux_booleans(self): def restore_selinux_booleans(self):
bools = dict(httpinstance.SELINUX_BOOLEAN_SETTINGS) bools = dict(constants.SELINUX_BOOLEAN_HTTPD)
if 'ADTRUST' in self.backup_services: if 'ADTRUST' in self.backup_services:
if adtrustinstance: if adtrustinstance:
bools.update(adtrustinstance.SELINUX_BOOLEAN_SETTINGS) bools.update(adtrustinstance.SELINUX_BOOLEAN_SETTINGS)