Move setting SELinux booleans to platform code

Create a platform task for setting SELinux booleans. Use an exception for the case when the booleans could not be set (since this is an error if not handled). Since ipaplatform should not depend on ipalib, create a new errors module in ipapython for SetseboolError. Handle uninstallation with the same task, which means the booleans are now restored with a single call to setsebool. Preparation for: https://fedorahosted.org/freeipa/ticket/4157 Fixes: https://fedorahosted.org/freeipa/ticket/2934 Fixes: https://fedorahosted.org/freeipa/ticket/2519 Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
2025-02-25 18:55:28 -06:00 · 2014-08-14 17:14:07 +02:00
parent 757272a3f8
commit c7d6fea06f
5 changed files with 152 additions and 119 deletions
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@@ -132,4 +132,23 @@ class BaseTaskNamespace(object):

        return

+    def set_selinux_booleans(self, required_settings, backup_func=None):
+        """Set the specified SELinux booleans
+
+        :param required_settings: A dictionary mapping the boolean names
+                                  to desired_values.
+                                  The desired value can be 'on' or 'off'.
+
+        :param backup_func: A function called for each boolean with two
+                            arguments: the name and the previous value
+
+        If SELinux is disabled, return False; on success returns True.
+
+        If setting the booleans fails,
+        an ipapython.errors.SetseboolError is raised.
+        """
+
+        return
+
+
 task_namespace = BaseTaskNamespace()