[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Freeipa-devel] [PATCH] 962 don't fail if SELinux isn't installed



Check to see if SELinux is enabled and restorecon exists before trying to run it. This will prevent client install failures if SELinux isn't enabled.

rob
>From 0c3bec796234f02fe0ee4ffb68e1a9b7bec26438 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten redhat com>
Date: Wed, 22 Feb 2012 23:01:17 -0500
Subject: [PATCH] Don't run restorecon if SELinux is disabled or not present.

Also check for the existence of restorecon. This may be overkill but
it will prevent a client installation from failing for no good reason.

https://fedorahosted.org/freeipa/ticket/2368
---
 ipapython/platform/redhat.py |   13 ++++++++++++-
 1 files changed, 12 insertions(+), 1 deletions(-)

diff --git a/ipapython/platform/redhat.py b/ipapython/platform/redhat.py
index aee8bcc3dd54063dfe14c4bec82958c11cf1e541..bd79a5312eab1621aa575c3fe98577a65a86f3a9 100644
--- a/ipapython/platform/redhat.py
+++ b/ipapython/platform/redhat.py
@@ -140,7 +140,18 @@ def restore_context(filepath):
 
     ipautil.run() will do the logging.
     """
-    ipautil.run(["/sbin/restorecon", filepath], raiseonerr=False)
+    try:
+        if (os.path.exists('/usr/sbin/selinuxenabled')):
+            ipautil.run(["/usr/sbin/selinuxenabled"])
+        else:
+            # No selinuxenabled, no SELinux
+            return
+    except ipautil.CalledProcessError:
+        # selinuxenabled returns 1 if not enabled
+        return
+
+    if (os.path.exists('/sbin/restorecon')):
+        ipautil.run(["/sbin/restorecon", filepath], raiseonerr=False)
 
 def backup_and_replace_hostname(fstore, statestore, hostname):
     old_hostname = socket.gethostname()
-- 
1.7.6.5


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]