#50388 Issue 50387 - enable_tls() should label ports with ldap_port_t
Closed 3 years ago by spichugi. Opened 4 years ago by vashirov.
vashirov/389-ds-base enable_tls_selinux into master

@@ -67,7 +67,7 @@ 

  

      # Try using new remote location

      # If SELinux is enabled, plugin can't be loaded as it's not labeled properly

-     if selinux_present:

+     if selinux_present():

          import selinux

          if selinux.is_selinux_enabled():

              with pytest.raises(ldap.UNWILLING_TO_PERFORM):
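
Review bot: After the change to `if selinux_present():`, the block underneath still does `import selinux` and tests `selinux.is_selinux_enabled()` on its own, and it is unclear why both checks are needed. If `selinux_present()` already reports whether SELinux is enabled, the inner check can be dropped; if it only reports that the Python module is importable, a one-line comment saying so would explain the nesting. No import of `selinux_present` is visible in this hunk, so confirm the test module imports it; with the bare name the condition was always true and a missing import would have surfaced only as a NameError at this line.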

@@ -86,7 +86,9 @@ 

      ensure_bytes,

      ensure_str,

      ensure_list_str,

-     format_cmd_list)

+     format_cmd_list,

+     selinux_present,

+     selinux_label_port)

  from lib389.paths import Paths

  from lib389.nss_ssl import NssSsl

  from lib389.tasks import BackupTask, RestoreTask
@@ -1591,6 +1593,9 @@ 

          self.config.set('nsslapd-security', 'on')

          self.use_ldaps_uri()

  

+         if selinux_present():

+             selinux_label_port(self.sslport)

+ 

          if self.ds_paths.perl_enabled:

              # We don't setup sslport correctly in perl installer ....

              self.config.set('nsslapd-secureport', '%s' % self.sslport)
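
Review bot: The added `selinux_label_port(self.sslport)` call is unguarded: nothing at this point checks that `self.sslport` is set or handles a failure to label, and the perl branch directly below carries a comment that sslport is not set up correctly by that installer. Suggest validating `self.sslport` before the call and deciding explicitly whether a labeling failure should abort `enable_tls()` or only log a warning. The docstring should also state that `enable_tls()` now changes the SELinux port policy on the host, and since nothing in this patch removes the label again, test runs that pick varying secure ports will leave extra `ldap_port_t` entries behind unless cleanup is handled elsewhere.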

Bug Description:
In some tests we use enable_tls(), but the secure port doesn't get
labeled automatically with ldap_port_t.

Fix Description:
Fix enable_tls() to label secure port.

Fixes https://pagure.io/389-ds-base/issue/50387

Reviewed by: ???

rebased onto 487899c80ae126c28aac8affb1140b9998aa9e12

4 years ago

rebased onto 90700854f2540605d0e3ecdae5fe2e4fe6a8b6fe

4 years ago

rebased onto f2c63bc

4 years ago

Pull-Request has been merged by vashirov

4 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This pull request has been cloned to Github as issue and is available here:
- https://github.com/389ds/389-ds-base/issues/3446

If you want to continue to work on the PR, please navigate to the github issue,
download the patch from the attachments and file a new pull request.

Thank you for understanding. We apologize for all inconvenience.

Pull-Request has been closed by spichugi

3 years ago