IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipaplatform: Move restore_context and check_selinux_status implementations to base fedora platform tasks

Browse Source 
https://fedorahosted.org/freeipa/ticket/4052

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
This commit is contained in:
Tomas Babej
2014-05-26 17:23:04 +02:00
committed by Petr Viktorin
parent c465eb842f
commit 6a4cd8a4e3
2 changed files with 59 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
ipaplatform/fedora/tasks.py
View File

@@ -1,7 +1,8 @@
# Authors: # Authors: Simo Sorce <ssorce@redhat.com>
# Alexander Bokovoy <abokovoy@redhat.com>
# Tomas Babej <tbabej@redhat.com> # Tomas Babej <tbabej@redhat.com>
# #
# Copyright (C) 2014 Red Hat # Copyright (C) 2007-2014 Red Hat
# see file 'COPYING' for use and warranty information # see file 'COPYING' for use and warranty information
# #
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
@@ -20,3 +21,58 @@
''' '''
This module contains default Fedora-specific implementations of system tasks. This module contains default Fedora-specific implementations of system tasks.
''' '''
import os
import ipautil
from ipaplatform.base.tasks import *
def restore_context(filepath, restorecon='/sbin/restorecon'):
"""
restore security context on the file path
SELinux equivalent is /path/to/restorecon <filepath>
restorecon's return values are not reliable so we have to
ignore them (BZ #739604).
ipautil.run() will do the logging.
"""
try:
if os.path.exists('/usr/sbin/selinuxenabled'):
ipautil.run(["/usr/sbin/selinuxenabled"])
else:
# No selinuxenabled, no SELinux
return
except ipautil.CalledProcessError:
# selinuxenabled returns 1 if not enabled
return
if (os.path.exists(restorecon)):
ipautil.run([restorecon, filepath], raiseonerr=False)
def check_selinux_status(restorecon='/sbin/restorecon'):
"""
We don't have a specific package requirement for policycoreutils
which provides restorecon. This is because we don't require
SELinux on client installs. However if SELinux is enabled then
this package is required.
This function returns nothing but may raise a Runtime exception
if SELinux is enabled but restorecon is not available.
"""
try:
if os.path.exists('/usr/sbin/selinuxenabled'):
ipautil.run(["/usr/sbin/selinuxenabled"])
else:
# No selinuxenabled, no SELinux
return
except ipautil.CalledProcessError:
# selinuxenabled returns 1 if not enabled
return
if not os.path.exists(restorecon):
raise RuntimeError('SELinux is enabled but %s does not exist.\n'
'Install the policycoreutils package and start the '
'installation again.' % restorecon)

44
ipapython/platform/redhat/__init__.py
View File

@@ -58,28 +58,6 @@ authconfig = RedHatAuthConfig
service = redhat_service service = redhat_service
knownservices = RedHatServices() knownservices = RedHatServices()
def restore_context(filepath, restorecon='/sbin/restorecon'):
"""
restore security context on the file path
SELinux equivalent is /path/to/restorecon <filepath>
restorecon's return values are not reliable so we have to
ignore them (BZ #739604).
ipautil.run() will do the logging.
"""
try:
if (os.path.exists('/usr/sbin/selinuxenabled')):
ipautil.run(["/usr/sbin/selinuxenabled"])
else:
# No selinuxenabled, no SELinux
return
except ipautil.CalledProcessError:
# selinuxenabled returns 1 if not enabled
return
if (os.path.exists(restorecon)):
ipautil.run([restorecon, filepath], raiseonerr=False)
def backup_and_replace_hostname(fstore, statestore, hostname): def backup_and_replace_hostname(fstore, statestore, hostname):
old_hostname = socket.gethostname() old_hostname = socket.gethostname()
@@ -105,28 +83,6 @@ def backup_and_replace_hostname(fstore, statestore, hostname):
else: else:
statestore.backup_state('network', 'hostname', old_hostname) statestore.backup_state('network', 'hostname', old_hostname)
def check_selinux_status(restorecon='/sbin/restorecon'):
"""
We don't have a specific package requirement for policycoreutils
which provides restorecon. This is because we don't require
SELinux on client installs. However if SELinux is enabled then
this package is required.
This function returns nothing but may raise a Runtime exception
if SELinux is enabled but restorecon is not available.
"""
try:
if (os.path.exists('/usr/sbin/selinuxenabled')):
ipautil.run(["/usr/sbin/selinuxenabled"])
else:
# No selinuxenabled, no SELinux
return
except ipautil.CalledProcessError:
# selinuxenabled returns 1 if not enabled
return
if not os.path.exists(restorecon):
raise RuntimeError('SELinux is enabled but %s does not exist.\nInstall the policycoreutils package and start the installation again.' % restorecon)
def restore_network_configuration(fstore, statestore): def restore_network_configuration(fstore, statestore):
filepath = '/etc/sysconfig/network' filepath = '/etc/sysconfig/network'