From 68e08801b9e00ece45600fc81cf971786deaa36c Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Jan 16 2019 17:36:59 +0000 Subject: Ticket 50165 - Fix dscreate issues Description: There were some recent regressions about selinux in dscreate. - When skipping labelling of default port an error message was incorrectly logged - restorecon was not using the correct path https://pagure.io/389-ds-base/issue/50165 Reviewed by: firstyear & mhonek (Thanks!!) --- diff --git a/src/lib389/lib389/instance/setup.py b/src/lib389/lib389/instance/setup.py index 931ed05..d8c513e 100644 --- a/src/lib389/lib389/instance/setup.py +++ b/src/lib389/lib389/instance/setup.py @@ -828,7 +828,7 @@ class SetupDs(object): selinux_paths = ('backup_dir', 'cert_dir', 'config_dir', 'db_dir', 'ldif_dir', 'lock_dir', 'log_dir', 'run_dir', 'schema_dir', 'tmp_dir') for path in selinux_paths: - selinux_restorecon(path) + selinux_restorecon(slapd[path]) selinux_label_port(slapd['port']) diff --git a/src/lib389/lib389/utils.py b/src/lib389/lib389/utils.py index c06b3bc..0b90da2 100644 --- a/src/lib389/lib389/utils.py +++ b/src/lib389/lib389/utils.py @@ -172,6 +172,7 @@ _chars = { # Utilities # + def selinux_restorecon(path): """ Relabel a filesystem rooted at path. @@ -195,6 +196,7 @@ def selinux_restorecon(path): except: log.debug("Failed to run restorecon on: " + path) + def selinux_label_port(port, remove_label=False): """ Either set or remove an SELinux label(ldap_port_t) for a TCP port @@ -225,7 +227,7 @@ def selinux_label_port(port, remove_label=False): # a RH based system. selinux_default_ports = [389, 636, 3268, 3269, 7389] if port in selinux_default_ports: - log.error('port %s already in %s, skipping port relabel' % (port, selinux_default_ports)) + log.debug('port %s already in %s, skipping port relabel' % (port, selinux_default_ports)) return label_set = False
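Review bot: In the setup.py loop the variable `path` now holds a key of `slapd`, not a filesystem path, which is the same mix-up this commit fixes; naming it for what it is would keep the next reader from repeating it: `for key in selinux_paths:` with `selinux_restorecon(slapd[key])`. The utils.py context in this patch shows selinux_restorecon catching every exception with a bare `except:` and logging only at debug level, so a directory that fails to relabel leaves the instance with wrong SELinux contexts and no visible message. A short comment above the loop, such as `# restorecon failures are only logged at debug; verify contexts if the server is denied access`, would record that. The enclosing SetupDs method starts and ends outside the hunk.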
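Review bot: The default-port skip in selinux_label_port relies on `port in selinux_default_ports`, a membership test against a list of ints, and nothing in this hunk shows that `port` is an int at that point. If a caller passes a string (setup.py passes `slapd['port']`, whose type is not visible here) and it is not converted earlier in the function, the test never matches and the function goes on to attempt a relabel of a port the policy already covers. Normalising before the test would make the skip reliable: `port = int(port)`. The log call could also pass its arguments lazily, `log.debug('port %s already in %s, skipping port relabel', port, selinux_default_ports)`. The function body starts and ends outside the hunk.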