[Freeipa-devel] [PATCH] 1037 optimize restoring SELinux booleans

Mon, 01 Oct 2012 07:42:08 -0700

The web uninstall step can be very long because we restore two SELinux booleans individually. This patch combines them into a single step, and skips setting them if the values won't actually change. 

rob

>From f9cfa7252e7a5d967ca0786c56431589b4489660 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Wed, 26 Sep 2012 16:45:52 -0400
Subject: [PATCH] Selectively restore SELinux booleans on uninstall

Restore only those values that have changed and do the restoration
in a single step instead of one at a time.  This improves uninstall
performance in the web server step.

https://fedorahosted.org/freeipa/ticket/2934
---
 ipaserver/install/httpinstance.py | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index e1d8b6db8503cf8eacc337b58f49054f3590eda4..ee6506f62001d057403e02b4b64716223959d220 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -340,14 +340,25 @@ class HTTPInstance(service.Service):
         installutils.remove_file("/etc/httpd/conf.d/ipa.conf")
         installutils.remove_file("/etc/httpd/conf.d/ipa-pki-proxy.conf")
 
+        changes = []
         for var in ["httpd_can_network_connect", "httpd_manage_ipa"]:
             sebool_state = self.restore_state(var)
             if not sebool_state is None:
                 try:
-                    ipautil.run(["/usr/sbin/setsebool", "-P", var, sebool_state])
+                    (stdout, stderr, returncode) = ipautil.run(["/usr/sbin/getsebool", var])
                 except ipautil.CalledProcessError, e:
-                    self.print_msg("Cannot restore SELinux boolean '%s' back to '%s': %s" \
-                            % (var, sebool_state, e))
+                    self.print_msg("Cannot get current state of SELinux boolean: %s" % e)
+                else:
+                    current_state = stdout.split()[2]
+                    if current_state != sebool_state:
+                        changes.append('%s=%s' % (var, sebool_state))
+        if changes:
+            args = ["/usr/sbin/setsebool", "-P"]
+            args.extend(changes)
+            try:
+                ipautil.run(args)
+            except ipautil.CalledProcessError, e:
+                self.print_msg("Cannot restore SELinux booleans: %s" % e)
 
         if not running is None and running:
             self.start()
-- 
1.7.11.4


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to