From 1a6de32c9e74493ca677353a0c7f14aa45977b6b Mon Sep 17 00:00:00 2001 From: Martin Basti Date: May 26 2017 06:32:05 +0000 Subject: httpd: move SELinux settings to constants SELinux is platform dependend, moving boolean setting to platform module. Reviewed-By: Martin Babinsky --- diff --git a/ipaplatform/base/constants.py b/ipaplatform/base/constants.py index dccb0e7..8b98b06 100644 --- a/ipaplatform/base/constants.py +++ b/ipaplatform/base/constants.py @@ -27,4 +27,10 @@ class BaseConstantsNamespace(object): ODS_GROUP = "ods" # nfsd init variable used to enable kerberized NFS SECURE_NFS_VAR = "SECURE_NFS" + SELINUX_BOOLEAN_HTTPD = { + 'httpd_can_network_connect': 'on', + 'httpd_manage_ipa': 'on', + 'httpd_run_ipa': 'on', + 'httpd_dbus_sssd': 'on', + } SSSD_USER = "sssd" diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index c76a1a4..6086520 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -50,13 +50,6 @@ from ipaplatform.tasks import tasks from ipaplatform.paths import paths from ipaplatform import services -SELINUX_BOOLEAN_SETTINGS = dict( - httpd_can_network_connect='on', - httpd_manage_ipa='on', - httpd_run_ipa='on', - httpd_dbus_sssd='on', -) - HTTPD_USER = constants.HTTPD_USER KDCPROXY_USER = constants.KDCPROXY_USER @@ -193,7 +186,7 @@ class HTTPInstance(service.Service): def configure_selinux_for_httpd(self): try: - tasks.set_selinux_booleans(SELINUX_BOOLEAN_SETTINGS, + tasks.set_selinux_booleans(constants.SELINUX_BOOLEAN_HTTPD, self.backup_state) except ipapython.errors.SetseboolError as e: self.print_msg(e.format_service_warning('web interface')) @@ -556,7 +549,7 @@ class HTTPInstance(service.Service): # Restore SELinux boolean states boolean_states = {name: self.restore_state(name) - for name in SELINUX_BOOLEAN_SETTINGS} + for name in constants.SELINUX_BOOLEAN_HTTPD} try: tasks.set_selinux_booleans(boolean_states) except ipapython.errors.SetseboolError as e: diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py index 96fc493..da66e9c 100644 --- a/ipaserver/install/ipa_restore.py +++ b/ipaserver/install/ipa_restore.py @@ -796,7 +796,7 @@ class Restore(admintool.AdminTool): self.log.error('Problem with %s: %s' % (dir, e)) def restore_selinux_booleans(self): - bools = dict(httpinstance.SELINUX_BOOLEAN_SETTINGS) + bools = dict(constants.SELINUX_BOOLEAN_HTTPD) if 'ADTRUST' in self.backup_services: if adtrustinstance: bools.update(adtrustinstance.SELINUX_BOOLEAN_SETTINGS)