05-29-2012, 09:02 AM
Martin Gracik

Check if selinux is not in Enforcing mode (##824835)

Selinux causes problems for rpm scriptlets in the installroot.
---
src/pylorax/__init__.py | 12 ++++++++++++
1 file changed, 12 insertions(+)

diff --git a/src/pylorax/__init__.py b/src/pylorax/__init__.py
index 64924ce..44598d5 100644
--- a/src/pylorax/__init__.py
+++ b/src/pylorax/__init__.py
@@ -35,6 +35,7 @@ import os
import ConfigParser
import tempfile
import locale
+import subprocess

from base import BaseLoraxClass, DataHolder
import output
@@ -160,6 +161,17 @@ class Lorax(BaseLoraxClass):
logger.critical("no root privileges")
sys.exit(1)

+ # is selinux disabled?
+ logger.info("checking the selinux mode")
+ try:
+ seoutput = subprocess.check_output("/sbin/getenforce").strip()
+ except subprocess.CalledProcessError:
+ logger.error("could not get the selinux mode")
+ else:
+ if seoutput == "Enforcing":
+ logger.critical("selinux must be disabled or in Permissive mode")
+ sys.exit(1)
+
# do we have a proper yum base object?
logger.info("checking yum base object")
if not isinstance(ybo, yum.YumBase):
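
Review bot: The except clause around subprocess.check_output("/sbin/getenforce") catches only subprocess.CalledProcessError, so on a host where /sbin/getenforce is not installed the call raises OSError and the run ends in a traceback instead of the "could not get the selinux mode" message; catch OSError as well. The failure path also only logs and then carries on, so an undetermined mode is treated the same as Permissive; if that is intended, say so in the comment. The "# is selinux disabled?" comment should carry the reason given in the commit message (rpm scriptlets in the installroot), since that is what a later reader of the check will need.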
--
1.7.9.5

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
 
05-31-2012, 04:25 PM
Will Woods

Check if selinux is not in Enforcing mode (##824835)

On Tue, 2012-05-29 at 11:02 +0200, Martin Gracik wrote:
> Selinux causes problems for rpm scriptlets in the installroot.

You could use the selinux module instead:

    import selinux
    if selinux.security_getenforce():
        ...

There's also selinux.security_setenforce(), if you want to turn it off.

Also, could you make a note (in a comment in the code) about *why* we
need to turn off SELinux (i.e. what goes wrong when it's left on), so we
can work on fixing that later?

-w
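
The check discussed in this thread comes down to the kernel's enforce flag. As an added example (not code from lorax or from anyone in this thread), the Python 3 code below reads that flag straight from selinuxfs, so it runs without the selinux bindings, and separates Enforcing, Permissive, Disabled and an unreadable state. The mount points, the function names and the choice to refuse on an unreadable state are assumptions of the example.

```python
import os

# Assumption: selinuxfs lives at one of these mount points (current, legacy).
SELINUXFS_MOUNTS = ("/sys/fs/selinux", "/selinux")


def selinux_mode(mounts=SELINUXFS_MOUNTS):
    """Return 'Enforcing', 'Permissive', 'Disabled' or 'Unknown'."""
    for mount in mounts:
        try:
            with open(os.path.join(mount, "enforce")) as flag:
                raw = flag.read().strip()
        except FileNotFoundError:
            continue            # no selinuxfs here, try the next mount point
        except OSError:
            return "Unknown"    # flag exists but cannot be read: do not guess
        # The kernel exposes the flag as the text "1" or "0".
        return {"1": "Enforcing", "0": "Permissive"}.get(raw, "Unknown")
    return "Disabled"           # selinuxfs is not mounted anywhere


def preflight(mode):
    """Decide whether a build that runs rpm scriptlets in a chroot may start.

    Hypothetical helper: it refuses on 'Unknown' as well as on 'Enforcing',
    so a failed lookup cannot be mistaken for Permissive.
    """
    if mode == "Enforcing":
        return False, "selinux must be disabled or in Permissive mode"
    if mode == "Unknown":
        return False, "could not get the selinux mode"
    return True, "selinux mode: " + mode


if __name__ == "__main__":
    ok, message = preflight(selinux_mode())
    print(message)
    raise SystemExit(0 if ok else 1)
```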

06-01-2012, 06:36 AM
Martin Gracik

Check if selinux is not in Enforcing mode (##824835)

----- Original Message -----
> On Tue, 2012-05-29 at 11:02 +0200, Martin Gracik wrote:
> > Selinux causes problems for rpm scriptlets in the installroot.
>
> You could use the selinux module instead:

I was looking at this, I tried selinux_getenforcemode() and it didn't work.
I must have overlooked the security_getenforce() method. Thanks.

>
>     import selinux
>     if selinux.security_getenforce():
>         ...
>
> There's also selinux.security_setenforce(), if you want to turn it
> off..

I don't want to turn off anything in lorax. The user should be aware he needs to turn it off.

>
> Also, could you make a note (in a comment in the code) about *why* we
> need to turn off SELinux (i.e. what goes wrong when it's left on), so
> we can work on fixing that later?

I don't think we can fix it. Selinux just does not behave very well in chroots.
And I put in the comment "Selinux causes problems for rpm scriptlets in the installroot.".
Not enough?

>
> -w