Alex Lourie has uploaded a new change for review. Change subject: packaging: checking SELINUX status during ports redirection ......................................................................
packaging: checking SELINUX status during ports redirection Change-Id: I2e9f4c1abc8c58a1b1556ba56f4cc0acfac91050 Bug-Url: https://bugzilla.redhat.com/893562 Signed-off-by: Alex Lourie <alou...@redhat.com> --- M packaging/fedora/setup/basedefs.py M packaging/fedora/setup/engine_validators.py M packaging/fedora/setup/output_messages.py 3 files changed, 20 insertions(+), 1 deletion(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/45/11345/1
diff --git a/packaging/fedora/setup/basedefs.py b/packaging/fedora/setup/basedefs.py
index a89eee0..338903e 100644
--- a/packaging/fedora/setup/basedefs.py
+++ b/packaging/fedora/setup/basedefs.py
@@ -154,6 +154,7 @@
 EXEC_SSH_KEYGEN="/usr/bin/ssh-keygen"
 EXEC_SYSCTL="/sbin/sysctl"
 EXEC_SYSTEMCTL="/bin/systemctl"
+EXEC_GETENFORCE="/usr/sbin/getenforce"
 EXEC_SETSEBOOL="/usr/sbin/setsebool"
 EXEC_SEMANAGE="/usr/sbin/semanage"
 EXEC_KEYTOOL="/usr/bin/keytool"
diff --git a/packaging/fedora/setup/engine_validators.py b/packaging/fedora/setup/engine_validators.py
index 0b8f5e2..4f156b7 100644
--- a/packaging/fedora/setup/engine_validators.py
+++ b/packaging/fedora/setup/engine_validators.py
@@ -203,6 +203,18 @@
 controller = Controller()
 utils.setHttpPortsToNonProxyDefault(controller)
 elif retval:
+ # check if selinux enabled. If not - ask a user to enable it first, and
+ # exit if user doesn't want to.
+ logging.debug("Checking SELINUX status")
+ cmd = [
+ basedefs.EXEC_GETENFORCE,
+ ]
+ (out, rc) = execCmd(cmdList=cmd, failOnError=True)
+ if "Disabled" in out:
+ logging.debug("SELINUX was found in disabled mode. Asking user to enable")
+ print output_messages.MSG_ENABLE_SELINUX
+ if not utils.askYesNo(output_messages.INFO_ASK_ENABLE_SELINIX):
+ return False
 #stopping httpd service (in case it's up) when the configuration can be overridden
 logging.debug("stopping httpd service")
 utils.Service(basedefs.HTTPD_SERVICE_NAME).stop()
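Review bot: Answering yes to `INFO_ASK_ENABLE_SELINIX` does not enable SELinux: when `askYesNo` returns true the code falls through to stopping httpd and carries on while getenforce still reports Disabled. `MSG_ENABLE_SELINUX` itself says port redirection is not possible in that state, and taking a host out of disabled mode needs a configuration change, a relabel and a reboot, so the check should stop the setup rather than prompt, e.g. `print output_messages.MSG_ENABLE_SELINUX` followed by `return False`. Comparing `out.strip() == "Disabled"` would be tighter than the substring test, and `rc` is never used. The enclosing function starts and ends outside the hunk, so what the later steps require from SELinux is inferred from the message text.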
@@ -581,7 +593,7 @@
 paramToChange = controller.getParamByName("OVERRIDE_HTTPD_CONFIG")
 paramToChange.setKey("DEFAULT_VALUE", "no")
 else:
- if wereHttpdConfFilesChanged:
+ if wereHttpdConfFilesChanged():
 # If conf files were changed, the user should be asked if he really wants to use ports 80/443
 paramToChange = controller.getParamByName("OVERRIDE_HTTPD_CONFIG")
 paramToChange.setKey("USE_DEFAULT", False)
diff --git a/packaging/fedora/setup/output_messages.py b/packaging/fedora/setup/output_messages.py
index 7bbd8f6..044f550 100644
--- a/packaging/fedora/setup/output_messages.py
+++ b/packaging/fedora/setup/output_messages.py
@@ -184,6 +184,9 @@ INFO_VAL_ORG_NAME_TOO_LONG="Error: organization name length is limited to %s characters"%(basedefs.CONST_ORG_NAME_SIZE_LIMIT) INFO_VAL_ORG_NAME_ILLEGAL_CHARS="Error: organization name can't contain ',', '%', '$', '@', '&', '!', '*', '#', '+' characters" +# SELINUX +INFO_ASK_ENABLE_SELINIX = "Would you like to enable SELINUX and continue with the setup?" + #iso domain warning WARN_ISO_DOMAIN_SECURITY="A default ISO share has been created on this host.\n\ If IP based access restrictions are required, please edit %s entry in /etc/exports"
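Review bot: The commit message does not mention the `wereHttpdConfFilesChanged()` change in this second engine_validators.py hunk, although it alters behaviour: a bare function name is always truthy, so the branch below previously ran on every setup. Note it in the description or move it to its own commit so it can be bisected and backported independently of the SELinux check. The enclosing function lies outside the hunk.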
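Review bot: `INFO_ASK_ENABLE_SELINIX` in the output_messages.py hunk is misspelled (SELINIX for SELINUX) and only works because engine_validators.py uses the same spelling. Rename it to `INFO_ASK_ENABLE_SELINUX` in both files so a later search for the SELinux messages finds it and a correction on one side cannot break the other.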
@@ -446,3 +449,6 @@
 MSG_STOP_UPGRADE_SPACE = "Not enough free space available for the upgrade operation.\
 Stopping upgrade.\nIf you would like to perform an upgrade and ignore the space check,\n\
 run the upgrade with --no-space-check option"
+
+MSG_ENABLE_SELINUX = "Warning: it seems that SELINUX is currently disabled. It is not \n
+possible to configure ports redirection without enabling SELINUX first."
-- To view, visit http://gerrit.ovirt.org/11345 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I2e9f4c1abc8c58a1b1556ba56f4cc0acfac91050 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alex Lourie <alou...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
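Review bot: `MSG_ENABLE_SELINUX` as shown spans two added lines with no line-continuation backslash: the first line ends in `\n` and the closing quote is on the next line, which Python rejects as an unterminated string literal, so importing output_messages.py would fail and the setup could not start. End the first line as `MSG_STOP_UPGRADE_SPACE` just above does, `... It is not \n\`, or wrap two quoted strings in parentheses. The second line carries its own `+` marker, so this does not look like mail wrapping, but it is worth confirming against the Gerrit patch set.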