summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2016-02-23 12:25:23 +0100
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2016-03-02 15:26:59 +0100
commitc4b8e2b09a566aed14a21b861daf362c5d55586f (patch)
tree852c056242b6043b075837ce6b6f52f041a5d79f
parent124f404d41bb7dee79ea62ec85291ee902d90af7 (diff)
downloadpykolab-c4b8e2b09a566aed14a21b861daf362c5d55586f.tar.gz
Check the current status of SELinux, and the configuration for the next system cycle
Summary: Resolves T992 Test Plan: # Install Kolab on CentOS 7 # Configure SELinux to enforce the targeted policy # Run setup-kolab # Expect an error Reviewers: #pykolab_developers, vanmeeuwen Reviewed By: #pykolab_developers, vanmeeuwen Maniphest Tasks: T992 Differential Revision: https://git.kolab.org/D85
-rw-r--r--pykolab/setup/__init__.py31
-rwxr-xr-xsetup-kolab.py1
2 files changed, 32 insertions, 0 deletions
diff --git a/pykolab/setup/__init__.py b/pykolab/setup/__init__.py
index ad66bc1..52bee91 100644
--- a/pykolab/setup/__init__.py
+++ b/pykolab/setup/__init__.py
@@ -21,6 +21,7 @@ import os
import sys
import pykolab
+from pykolab.translate import _
log = pykolab.getLogger('pykolab.setup')
conf = pykolab.getConf()
@@ -40,6 +41,36 @@ class Setup(object):
to_execute.append(sys.argv[arg_num].replace('-','_'))
def run(self):
+ if os.path.isfile('/sys/fs/selinux/enforce'):
+ if os.access('/sys/fs/selinux/enforce', os.R_OK):
+ # Set a gentle default because strictly speaking,
+ # setup won't fail (run-time does)
+ enforce = "0"
+
+ with open('/sys/fs/selinux/enforce', 'r') as f:
+ enforce = f.read()
+
+ if enforce.strip() == "1":
+ log.fatal(
+ _("SELinux currently enforcing. Read " + \
+ "https://git.kolab.org/u/1")
+ )
+
+ sys.exit(1)
+
+ if os.path.isfile('/etc/selinux/config'):
+ if os.access('/etc/selinux/config', os.R_OK):
+ with open('/etc/selinux/config', 'r') as f:
+ for line in f:
+ if line.strip() == "SELINUX=enforcing":
+ log.fatal(
+ _("SELinux configured to enforce a " + \
+ "policy on startup. Read " + \
+ "https://git.kolab.org/u/1")
+ )
+
+ sys.exit(1)
+
components.execute('_'.join(to_execute))
if os.path.exists('/tmp/kolab-setup-my.cnf'):
diff --git a/setup-kolab.py b/setup-kolab.py
index e096b2c..914be99 100755
--- a/setup-kolab.py
+++ b/setup-kolab.py
@@ -29,6 +29,7 @@ sys.path = ['.'] + sys.path
import pykolab
from pykolab.setup import Setup
+from pykolab.translate import _
try:
from pykolab.constants import *