Check to see if SELinux is enabled and restorecon exists before trying to run it. This will prevent client install failures if SELinux isn't enabled.

rob
>From 0c3bec796234f02fe0ee4ffb68e1a9b7bec26438 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Wed, 22 Feb 2012 23:01:17 -0500
Subject: [PATCH] Don't run restorecon if SELinux is disabled or not present.

Also check for the existence of restorecon. This may be overkill but
it will prevent a client installation from failing for no good reason.

https://fedorahosted.org/freeipa/ticket/2368
---
 ipapython/platform/redhat.py |   13 ++++++++++++-
 1 files changed, 12 insertions(+), 1 deletions(-)

diff --git a/ipapython/platform/redhat.py b/ipapython/platform/redhat.py
index aee8bcc3dd54063dfe14c4bec82958c11cf1e541..bd79a5312eab1621aa575c3fe98577a65a86f3a9 100644
--- a/ipapython/platform/redhat.py
+++ b/ipapython/platform/redhat.py
@@ -140,7 +140,18 @@ def restore_context(filepath):
 
     ipautil.run() will do the logging.
     """
-    ipautil.run(["/sbin/restorecon", filepath], raiseonerr=False)
+    try:
+        if (os.path.exists('/usr/sbin/selinuxenabled')):
+            ipautil.run(["/usr/sbin/selinuxenabled"])
+        else:
+            # No selinuxenabled, no SELinux
+            return
+    except ipautil.CalledProcessError:
+        # selinuxenabled returns 1 if not enabled
+        return
+
+    if (os.path.exists('/sbin/restorecon')):
+        ipautil.run(["/sbin/restorecon", filepath], raiseonerr=False)
 
 def backup_and_replace_hostname(fstore, statestore, hostname):
     old_hostname = socket.gethostname()
-- 
1.7.6.5

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to