From 2a05a3a75ce082a28375cb2f687739d7474164a1 Mon Sep 17 00:00:00 2001
From: Noriko Hosoi <nhosoi@redhat.com>
Date: Oct 14 2015 15:56:14 +0000
Subject: Ticket #48305 - perl module conditional test is not conditional when checking SELinux policies


Description: If sestatus reports SELinux is disabled, SELinux commands
such as semanage and restorecon fail.  This patch checks the availability
and only if the status says SELinux is enabled, it calls the SELinux
commands.

https://fedorahosted.org/389/ticket/48305

Reviewed by mreynolds@redhat.com (Thank you, Mark!!)

(cherry picked from commit 9fefc13c02c9ae037fad053152193794706aaa31)

---

diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in
index cdde339..3ce5a73 100644
--- a/ldap/admin/src/scripts/DSCreate.pm.in
+++ b/ldap/admin/src/scripts/DSCreate.pm.in
@@ -956,9 +956,11 @@ sub setDefaults {
 
 sub updateSelinuxPolicy {
     my $inf = shift;
+    my $mydevnull = (-f "/dev/null" ? " /dev/null " : " NUL ");
 
     # if selinux is not available, do nothing
-    if ((getLogin() eq 'root') and "@with_selinux@") {
+    if ((getLogin() eq 'root') and "@with_selinux@" and
+        -f "@sbindir@/sestatus" and !system ("@sbindir@/sestatus | egrep -i \"selinux status:\\s*enabled\" > $mydevnull 2>&1")) {
         my $localstatedir = $inf->{slapd}->{localstatedir};
 
         # run restorecon on all of the parent directories we
@@ -1404,7 +1406,9 @@ sub removeDSInstance {
     }
 
     # remove the selinux label from the ports if needed
-    if ((getLogin() eq 'root') and "@with_selinux@") {
+    my $mydevnull = (-f "/dev/null" ? " /dev/null " : " NUL ");
+    if ((getLogin() eq 'root') and "@with_selinux@" and
+        -f "@sbindir@/sestatus" and !system ("@sbindir@/sestatus | egrep -i \"selinux status:\\s*enabled\" > $mydevnull 2>&1")) {
         foreach my $port (@{$entry->{"nsslapd-port"}}) 
         {
             my $semanage_err;