ldap/admin/src/scripts/DSCreate.pm.in | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
New commits:
commit 72a638098626bb84d9c7f2c233c1231d3b539f27
Author: Noriko Hosoi <nhosoi(a)redhat.com>
Date: Thu Oct 8 11:43:36 2015 -0700
Ticket #48305 - perl module conditional test is not conditional when checking SELinux
policies
Description: If sestatus reports SELinux is disabled, SELinux commands
such as semanage and restorecon fail. This patch checks the availability
and only if the status says SELinux is enabled, it calls the SELinux
commands.
https://fedorahosted.org/389/ticket/48305
Reviewed by mreynolds(a)redhat.com (Thank you, Mark!!)
(cherry picked from commit 9fefc13c02c9ae037fad053152193794706aaa31)
(cherry picked from commit 2a05a3a75ce082a28375cb2f687739d7474164a1)
(cherry picked from commit b20756b735cf62763822ba93d892608e7a715b18)
diff --git a/ldap/admin/src/scripts/DSCreate.pm.in
b/ldap/admin/src/scripts/DSCreate.pm.in
index 30de40e..76d2e88 100644
--- a/ldap/admin/src/scripts/DSCreate.pm.in
+++ b/ldap/admin/src/scripts/DSCreate.pm.in
@@ -969,9 +969,11 @@ sub setDefaults {
sub updateSelinuxPolicy {
my $inf = shift;
+ my $mydevnull = (-f "/dev/null" ? " /dev/null " : " NUL
");
# if selinux is not available, do nothing
- if ("@with_selinux@") {
+ if ("@with_selinux@" and
+ -f "@sbindir@/sestatus" and !system ("@sbindir@/sestatus | egrep
-i \"selinux status:\\s*enabled\" > $mydevnull 2>&1")) {
my $localstatedir = $inf->{slapd}->{localstatedir};
# run restorecon on all of the parent directories we
@@ -1375,7 +1377,9 @@ sub removeDSInstance {
}
# remove the selinux label from the ports if needed
- if ("@with_selinux@") {
+ my $mydevnull = (-f "/dev/null" ? " /dev/null " : " NUL
");
+ if ("@with_selinux@" and
+ -f "@sbindir@/sestatus" and !system ("@sbindir@/sestatus | egrep
-i \"selinux status:\\s*enabled\" > $mydevnull 2>&1")) {
foreach my $port (@{$entry->{"nsslapd-port"}})
{
my $semanage_err = `semanage port -d -t ldap_port_t -p tcp $port
2>&1`;