URL: https://github.com/freeipa/freeipa/pull/796
Author: MartinBasti
 Title: #796: [WIP] Move selinux booleans to ipaplatform
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/796/head:pr796
git checkout pr796
From 95565fa130df69b25db28c5d5bbffeda31df9602 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Thu, 18 May 2017 17:19:23 +0200
Subject: [PATCH 1/2] httpd: move SELinux settings to constants

SELinux is platform dependent; move the boolean settings to the platform module.
---
 ipaplatform/base/constants.py     |  6 ++++++
 ipaserver/install/httpinstance.py | 11 ++---------
 ipaserver/install/ipa_restore.py  |  2 +-
 3 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/ipaplatform/base/constants.py b/ipaplatform/base/constants.py
index dccb0e7191..8b98b06fe9 100644
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@@ -27,4 +27,10 @@ class BaseConstantsNamespace(object):
     ODS_GROUP = "ods"
     # nfsd init variable used to enable kerberized NFS
     SECURE_NFS_VAR = "SECURE_NFS"
+    SELINUX_BOOLEAN_HTTPD = {
+        'httpd_can_network_connect': 'on',
+        'httpd_manage_ipa': 'on',
+        'httpd_run_ipa': 'on',
+        'httpd_dbus_sssd': 'on',
+    }
     SSSD_USER = "sssd"
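Review bot: `SELINUX_BOOLEAN_HTTPD` is added as a mutable dict on the class, and httpinstance.py passes that same object straight to `tasks.set_selinux_booleans()`, so any in-place change by a callee or a platform subclass would alter the set of booleans for every later install, uninstall and restore in the process. ipa_restore.py copies it with `dict(...)` first; the other callers would be safer doing the same, or the constant could be documented as read-only. Since each entry relaxes httpd's SELinux confinement, a short comment would also help reviewers of platform overrides, e.g. `# SELinux booleans switched on for httpd during install; treat as read-only, platform subclasses should replace the dict rather than mutate it`. The same applies to `SELINUX_BOOLEAN_ADTRUST` added in patch 2/2.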
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index c76a1a4e48..608652033e 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -50,13 +50,6 @@
 from ipaplatform.paths import paths
 from ipaplatform import services
 
-SELINUX_BOOLEAN_SETTINGS = dict(
-    httpd_can_network_connect='on',
-    httpd_manage_ipa='on',
-    httpd_run_ipa='on',
-    httpd_dbus_sssd='on',
-)
-
 HTTPD_USER = constants.HTTPD_USER
 KDCPROXY_USER = constants.KDCPROXY_USER
 
@@ -193,7 +186,7 @@ def __enable(self):
 
     def configure_selinux_for_httpd(self):
         try:
-            tasks.set_selinux_booleans(SELINUX_BOOLEAN_SETTINGS,
+            tasks.set_selinux_booleans(constants.SELINUX_BOOLEAN_HTTPD,
                                        self.backup_state)
         except ipapython.errors.SetseboolError as e:
             self.print_msg(e.format_service_warning('web interface'))
@@ -556,7 +549,7 @@ def uninstall(self):
 
         # Restore SELinux boolean states
         boolean_states = {name: self.restore_state(name)
-                          for name in SELINUX_BOOLEAN_SETTINGS}
+                          for name in constants.SELINUX_BOOLEAN_HTTPD}
         try:
             tasks.set_selinux_booleans(boolean_states)
         except ipapython.errors.SetseboolError as e:
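Review bot: The uninstall path restores only the booleans named by the current `constants.SELINUX_BOOLEAN_HTTPD`, not the names that were actually recorded when `configure_selinux_for_httpd` passed `self.backup_state`. Now that the list lives in a platform constant that can differ per platform or change between releases, a boolean enabled at install time but later dropped from the constant would be left on after uninstall, and a newly added name would be looked up with `restore_state(name)` although nothing was saved for it (what `set_selinux_booleans` does with such a value is not visible here). Consider a comment stating that entries must not be removed from the constant without an upgrade step, or iterating the saved state instead. The same pattern is in the adtrustinstance.py `uninstall` hunk of patch 2/2; both functions continue outside their hunks.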
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 96fc493c77..da66e9cbe0 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -796,7 +796,7 @@ def __create_dogtag_log_dirs(self):
                 self.log.error('Problem with %s: %s' % (dir, e))
 
     def restore_selinux_booleans(self):
-        bools = dict(httpinstance.SELINUX_BOOLEAN_SETTINGS)
+        bools = dict(constants.SELINUX_BOOLEAN_HTTPD)
         if 'ADTRUST' in self.backup_services:
             if adtrustinstance:
                 bools.update(adtrustinstance.SELINUX_BOOLEAN_SETTINGS)
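Review bot: `restore_selinux_booleans` now reads `constants.SELINUX_BOOLEAN_HTTPD`, but this patch adds no import to ipa_restore.py (patch 2/2 does add `from ipaplatform.constants import constants` to adtrustinstance.py), so the name must already be in scope in this module. That is worth confirming, since a `NameError` here would only surface during a restore. If `httpinstance` was imported in this file only for the old constant, that import can also go. The function continues outside the hunk.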

From 8881f948490764b3eb5c13bb5342054537ed3d30 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Thu, 18 May 2017 17:23:54 +0200
Subject: [PATCH 2/2] adtrust: move SELinux settings to constants

SELinux is platform dependent; move the boolean settings to the platform module.
---
 ipaplatform/base/constants.py        | 3 +++
 ipaserver/install/adtrustinstance.py | 7 +++----
 ipaserver/install/ipa_restore.py     | 2 +-
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/ipaplatform/base/constants.py b/ipaplatform/base/constants.py
index 8b98b06fe9..6592c63d97 100644
--- a/ipaplatform/base/constants.py
+++ b/ipaplatform/base/constants.py
@@ -27,6 +27,9 @@ class BaseConstantsNamespace(object):
     ODS_GROUP = "ods"
     # nfsd init variable used to enable kerberized NFS
     SECURE_NFS_VAR = "SECURE_NFS"
+    SELINUX_BOOLEAN_ADTRUST = {
+        'samba_portmapper': 'on',
+    }
     SELINUX_BOOLEAN_HTTPD = {
         'httpd_can_network_connect': 'on',
         'httpd_manage_ipa': 'on',
diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py
index b4db055045..66dd6b57b6 100644
--- a/ipaserver/install/adtrustinstance.py
+++ b/ipaserver/install/adtrustinstance.py
@@ -45,6 +45,7 @@
 
 import ipaclient.install.ipachangeconf
 from ipaplatform import services
+from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipaplatform.tasks import tasks
 
@@ -60,8 +61,6 @@
 and re-run ipa-adtrust-instal again afterwards.
 """
 
-SELINUX_BOOLEAN_SETTINGS = {'samba_portmapper': 'on'}
-
 
 def check_inst():
     for smbfile in [paths.SMBD, paths.NET]:
@@ -593,7 +592,7 @@ def __add_dns_service_records(self):
 
     def __configure_selinux_for_smbd(self):
         try:
-            tasks.set_selinux_booleans(SELINUX_BOOLEAN_SETTINGS,
+            tasks.set_selinux_booleans(constants.SELINUX_BOOLEAN_ADTRUST,
                                        self.backup_state)
         except ipapython.errors.SetseboolError as e:
             self.print_msg(e.format_service_warning('adtrust service'))
@@ -880,7 +879,7 @@ def uninstall(self):
 
         # Restore the state of affected selinux booleans
         boolean_states = {name: self.restore_state(name)
-                          for name in SELINUX_BOOLEAN_SETTINGS}
+                          for name in constants.SELINUX_BOOLEAN_ADTRUST}
         try:
             tasks.set_selinux_booleans(boolean_states)
         except ipapython.errors.SetseboolError as e:
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index da66e9cbe0..f786c746bb 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -799,7 +799,7 @@ def restore_selinux_booleans(self):
         bools = dict(constants.SELINUX_BOOLEAN_HTTPD)
         if 'ADTRUST' in self.backup_services:
             if adtrustinstance:
-                bools.update(adtrustinstance.SELINUX_BOOLEAN_SETTINGS)
+                bools.update(constants.SELINUX_BOOLEAN_ADTRUST)
             else:
                 self.log.error(
                     'The AD trust package was not found, '
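Review bot: With the ADTRUST booleans coming from `constants`, the `if adtrustinstance:` check no longer protects an attribute access on a possibly missing module; it only decides whether `samba_portmapper` is re-enabled during restore. If leaving the boolean off when the AD trust package is absent is intended, say so in a comment such as `# do not enable samba booleans when the adtrust package is not installed`; otherwise the branch can be simplified. The function body and the error message continue outside the hunk.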