Author: juhliarik Date: Thu Apr 8 16:45:52 2010 New Revision: 61621 URL: http://svn.opensuse.org/viewcvs/yast?rev=61621&view=rev Log: added support for enable/disable SELinux fate#309275 Modified: trunk/bootloader/VERSION trunk/bootloader/package/yast2-bootloader.changes trunk/bootloader/src/modules/Bootloader.ycp Modified: trunk/bootloader/VERSION URL: http://svn.opensuse.org/viewcvs/yast/trunk/bootloader/VERSION?rev=61621&r1=61620&r2=61621&view=diff ============================================================================== --- trunk/bootloader/VERSION (original) +++ trunk/bootloader/VERSION Thu Apr 8 16:45:52 2010 @@ -1 +1 @@ -2.19.10 +2.19.11 Modified: trunk/bootloader/package/yast2-bootloader.changes URL: http://svn.opensuse.org/viewcvs/yast/trunk/bootloader/package/yast2-bootloader.changes?rev=61621&r1=61620&r2=61621&view=diff ============================================================================== --- trunk/bootloader/package/yast2-bootloader.changes (original) +++ trunk/bootloader/package/yast2-bootloader.changes Thu Apr 8 16:45:52 2010 @@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Thu Apr 8 15:55:40 CEST 2010 - juhliarik@suse.cz + +- added patch for enable/disable SELinux (fate#309275) +- 2.19.11 + +------------------------------------------------------------------- Wed Mar 31 12:09:27 CEST 2010 - juhliarik@suse.cz - added fix for sending empty "boot_custom" (bnc#589433) Modified: trunk/bootloader/src/modules/Bootloader.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/bootloader/src/modules/Bootloader.ycp?rev=61621&r1=61620&r2=61621&view=diff ============================================================================== --- trunk/bootloader/src/modules/Bootloader.ycp (original) +++ trunk/bootloader/src/modules/Bootloader.ycp Thu Apr 8 16:45:52 2010 @@ -61,6 +61,9 @@ global define void DelDuplicatedSections(); global define void ResolveSymlinksInSections(); void createSELinuxDir (); + void handleSELinuxPAM (); + void enableSELinuxPAM (); + void disableSELinuxPAM (); /** * Write is repeating again * Because of progress bar during inst_finish @@ -565,6 +568,7 @@ ret = ret && blWrite (); // FATE#305557: Enable SELinux for 11.2 createSELinuxDir (); + handleSELinuxPAM (); if (! ret) { y2error ("Installing bootloader failed"); @@ -695,6 +699,7 @@ ret = ret && blWrite (); // FATE#305557: Enable SELinux for 11.2 createSELinuxDir (); + handleSELinuxPAM (); if (! ret) { y2error ("Installing bootloader failed"); @@ -1521,4 +1526,60 @@ } } +/** Fate #309275 SELinux: enable pam_selinux when switching on SELinux in yast2_bootloader + * Function take care about enable/disable SELinuc + * + */ +void handleSELinuxPAM () +{ + y2milestone("handleSELinuxPAM called"); + if (Mode::normal() || Mode::installation()) + { + if (BootCommon::enable_selinux) + { + y2milestone("call enableSELinuxPAM"); + enableSELinuxPAM (); + } else { + y2milestone("call disableSELinuxPAM"); + disableSELinuxPAM (); + } + } else { + y2milestone("Skip changing SELinux/AppArmor PAM config -> wrong mode"); + } + +} + + +/** Fate #309275 SELinux: enable pam_selinux when switching on SELinux in yast2_bootloader + * Function enable SELinux + * + */ +void enableSELinuxPAM () +{ + string cmd_enable_se = "pam-config -a --selinux 2>/dev/null"; + string cmd_disable_aa = "pam-config -d --apparmor 2>/dev/null"; + + map out = (map) SCR::Execute (.target.bash, cmd_disable_aa); + y2debug("result of disabling the AppArmor PAM module is %1", out); + + out = (map) SCR::Execute (.target.bash, cmd_enable_se); + y2debug("result of enabling the SELinux PAM module is %1", out); +} + +/** Fate #309275 SELinux: enable pam_selinux when switching on SELinux in yast2_bootloader + * Function disable SELinux + * + */ +void disableSELinuxPAM () +{ + string cmd_disable_se = "pam-config -d --selinux 2>/dev/null"; + string cmd_enable_aa = "pam-config -a --apparmor 2>/dev/null"; + + map out = (map) SCR::Execute (.target.bash, cmd_disable_se); + y2debug("result of disabling the SELinux PAM module is %1", out); + + out = (map) SCR::Execute (.target.bash, cmd_enable_aa); + y2debug("result of enabling the AppArmor PAM module is %1", out); +} + } -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org