mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 15:40:01 -06:00
httpd: move SELinux settings to constants
SELinux is platform dependend, moving boolean setting to platform module. Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
This commit is contained in:
parent
9c3fad9cef
commit
1a6de32c9e
@ -27,4 +27,10 @@ class BaseConstantsNamespace(object):
|
|||||||
ODS_GROUP = "ods"
|
ODS_GROUP = "ods"
|
||||||
# nfsd init variable used to enable kerberized NFS
|
# nfsd init variable used to enable kerberized NFS
|
||||||
SECURE_NFS_VAR = "SECURE_NFS"
|
SECURE_NFS_VAR = "SECURE_NFS"
|
||||||
|
SELINUX_BOOLEAN_HTTPD = {
|
||||||
|
'httpd_can_network_connect': 'on',
|
||||||
|
'httpd_manage_ipa': 'on',
|
||||||
|
'httpd_run_ipa': 'on',
|
||||||
|
'httpd_dbus_sssd': 'on',
|
||||||
|
}
|
||||||
SSSD_USER = "sssd"
|
SSSD_USER = "sssd"
|
||||||
|
@ -50,13 +50,6 @@ from ipaplatform.tasks import tasks
|
|||||||
from ipaplatform.paths import paths
|
from ipaplatform.paths import paths
|
||||||
from ipaplatform import services
|
from ipaplatform import services
|
||||||
|
|
||||||
SELINUX_BOOLEAN_SETTINGS = dict(
|
|
||||||
httpd_can_network_connect='on',
|
|
||||||
httpd_manage_ipa='on',
|
|
||||||
httpd_run_ipa='on',
|
|
||||||
httpd_dbus_sssd='on',
|
|
||||||
)
|
|
||||||
|
|
||||||
HTTPD_USER = constants.HTTPD_USER
|
HTTPD_USER = constants.HTTPD_USER
|
||||||
KDCPROXY_USER = constants.KDCPROXY_USER
|
KDCPROXY_USER = constants.KDCPROXY_USER
|
||||||
|
|
||||||
@ -193,7 +186,7 @@ class HTTPInstance(service.Service):
|
|||||||
|
|
||||||
def configure_selinux_for_httpd(self):
|
def configure_selinux_for_httpd(self):
|
||||||
try:
|
try:
|
||||||
tasks.set_selinux_booleans(SELINUX_BOOLEAN_SETTINGS,
|
tasks.set_selinux_booleans(constants.SELINUX_BOOLEAN_HTTPD,
|
||||||
self.backup_state)
|
self.backup_state)
|
||||||
except ipapython.errors.SetseboolError as e:
|
except ipapython.errors.SetseboolError as e:
|
||||||
self.print_msg(e.format_service_warning('web interface'))
|
self.print_msg(e.format_service_warning('web interface'))
|
||||||
@ -556,7 +549,7 @@ class HTTPInstance(service.Service):
|
|||||||
|
|
||||||
# Restore SELinux boolean states
|
# Restore SELinux boolean states
|
||||||
boolean_states = {name: self.restore_state(name)
|
boolean_states = {name: self.restore_state(name)
|
||||||
for name in SELINUX_BOOLEAN_SETTINGS}
|
for name in constants.SELINUX_BOOLEAN_HTTPD}
|
||||||
try:
|
try:
|
||||||
tasks.set_selinux_booleans(boolean_states)
|
tasks.set_selinux_booleans(boolean_states)
|
||||||
except ipapython.errors.SetseboolError as e:
|
except ipapython.errors.SetseboolError as e:
|
||||||
|
@ -796,7 +796,7 @@ class Restore(admintool.AdminTool):
|
|||||||
self.log.error('Problem with %s: %s' % (dir, e))
|
self.log.error('Problem with %s: %s' % (dir, e))
|
||||||
|
|
||||||
def restore_selinux_booleans(self):
|
def restore_selinux_booleans(self):
|
||||||
bools = dict(httpinstance.SELINUX_BOOLEAN_SETTINGS)
|
bools = dict(constants.SELINUX_BOOLEAN_HTTPD)
|
||||||
if 'ADTRUST' in self.backup_services:
|
if 'ADTRUST' in self.backup_services:
|
||||||
if adtrustinstance:
|
if adtrustinstance:
|
||||||
bools.update(adtrustinstance.SELINUX_BOOLEAN_SETTINGS)
|
bools.update(adtrustinstance.SELINUX_BOOLEAN_SETTINGS)
|
||||||
|
Loading…
Reference in New Issue
Block a user