adtrust: move SELinux settings to constants

SELinux is platform dependend, moving boolean setting to platform module. Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2025-02-25 18:55:28 -06:00 · 2017-05-18 17:23:54 +02:00 · 2017-05-18 17:23:54 +02:00 · 663f227a5c
commit 663f227a5c
parent 1a6de32c9e
3 changed files with 7 additions and 5 deletions
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@ -27,6 +27,9 @@ class BaseConstantsNamespace(object):
    ODS_GROUP = "ods"
    # nfsd init variable used to enable kerberized NFS
    SECURE_NFS_VAR = "SECURE_NFS"
+    SELINUX_BOOLEAN_ADTRUST = {
+        'samba_portmapper': 'on',
+    }
    SELINUX_BOOLEAN_HTTPD = {
        'httpd_can_network_connect': 'on',
        'httpd_manage_ipa': 'on',
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@ -45,6 +45,7 @@ import ipapython.errors

 import ipaclient.install.ipachangeconf
 from ipaplatform import services
+from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipaplatform.tasks import tasks

@ -60,8 +61,6 @@ configuration was not set up properly. Please run ipa-ldap-updater manually
 and re-run ipa-adtrust-instal again afterwards.
 """

-SELINUX_BOOLEAN_SETTINGS = {'samba_portmapper': 'on'}
-

 def check_inst():
    for smbfile in [paths.SMBD, paths.NET]:
@ -593,7 +592,7 @@ class ADTRUSTInstance(service.Service):

    def __configure_selinux_for_smbd(self):
        try:
-            tasks.set_selinux_booleans(SELINUX_BOOLEAN_SETTINGS,
+            tasks.set_selinux_booleans(constants.SELINUX_BOOLEAN_ADTRUST,
                                       self.backup_state)
        except ipapython.errors.SetseboolError as e:
            self.print_msg(e.format_service_warning('adtrust service'))
@ -880,7 +879,7 @@ class ADTRUSTInstance(service.Service):

        # Restore the state of affected selinux booleans
        boolean_states = {name: self.restore_state(name)
-                          for name in SELINUX_BOOLEAN_SETTINGS}
+                          for name in constants.SELINUX_BOOLEAN_ADTRUST}
        try:
            tasks.set_selinux_booleans(boolean_states)
        except ipapython.errors.SetseboolError as e:
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@ -799,7 +799,7 @@ class Restore(admintool.AdminTool):
        bools = dict(constants.SELINUX_BOOLEAN_HTTPD)
        if 'ADTRUST' in self.backup_services:
            if adtrustinstance:
-                bools.update(adtrustinstance.SELINUX_BOOLEAN_SETTINGS)
+                bools.update(constants.SELINUX_BOOLEAN_ADTRUST)
            else:
                self.log.error(
                    'The AD trust package was not found, '