Mailinglist Archive: yast-commit (590 mails)

< Previous Next >
[yast-commit] r61621 - in /trunk/bootloader: VERSION package/yast2-bootloader.changes src/modules/Bootloader.ycp
  • From: juhliarik@xxxxxxxxxxxxxxxx
  • Date: Thu, 08 Apr 2010 14:45:52 -0000
  • Message-id: <E1NzszQ-0004n7-Mt@xxxxxxxxxxxxxxxx>
Author: juhliarik
Date: Thu Apr 8 16:45:52 2010
New Revision: 61621

URL: http://svn.opensuse.org/viewcvs/yast?rev=61621&view=rev
Log:
added support for enable/disable SELinux fate#309275

Modified:
trunk/bootloader/VERSION
trunk/bootloader/package/yast2-bootloader.changes
trunk/bootloader/src/modules/Bootloader.ycp

Modified: trunk/bootloader/VERSION
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/bootloader/VERSION?rev=61621&r1=61620&r2=61621&view=diff
==============================================================================
--- trunk/bootloader/VERSION (original)
+++ trunk/bootloader/VERSION Thu Apr 8 16:45:52 2010
@@ -1 +1 @@
-2.19.10
+2.19.11

Modified: trunk/bootloader/package/yast2-bootloader.changes
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/bootloader/package/yast2-bootloader.changes?rev=61621&r1=61620&r2=61621&view=diff
==============================================================================
--- trunk/bootloader/package/yast2-bootloader.changes (original)
+++ trunk/bootloader/package/yast2-bootloader.changes Thu Apr 8 16:45:52 2010
@@ -1,4 +1,10 @@
-------------------------------------------------------------------
+Thu Apr 8 15:55:40 CEST 2010 - juhliarik@xxxxxxx
+
+- added patch for enable/disable SELinux (fate#309275)
+- 2.19.11
+
+-------------------------------------------------------------------
Wed Mar 31 12:09:27 CEST 2010 - juhliarik@xxxxxxx

- added fix for sending empty "boot_custom" (bnc#589433)

Modified: trunk/bootloader/src/modules/Bootloader.ycp
URL:
http://svn.opensuse.org/viewcvs/yast/trunk/bootloader/src/modules/Bootloader.ycp?rev=61621&r1=61620&r2=61621&view=diff
==============================================================================
--- trunk/bootloader/src/modules/Bootloader.ycp (original)
+++ trunk/bootloader/src/modules/Bootloader.ycp Thu Apr 8 16:45:52 2010
@@ -61,6 +61,9 @@
global define void DelDuplicatedSections();
global define void ResolveSymlinksInSections();
void createSELinuxDir ();
+ void handleSELinuxPAM ();
+ void enableSELinuxPAM ();
+ void disableSELinuxPAM ();
/**
* Write is repeating again
* Because of progress bar during inst_finish
@@ -565,6 +568,7 @@
ret = ret && blWrite ();
// FATE#305557: Enable SELinux for 11.2
createSELinuxDir ();
+ handleSELinuxPAM ();
if (! ret)
{
y2error ("Installing bootloader failed");
@@ -695,6 +699,7 @@
ret = ret && blWrite ();
// FATE#305557: Enable SELinux for 11.2
createSELinuxDir ();
+ handleSELinuxPAM ();
if (! ret)
{
y2error ("Installing bootloader failed");
@@ -1521,4 +1526,60 @@
}
}

+/** Fate #309275 SELinux: enable pam_selinux when switching on SELinux in
yast2_bootloader
+ * Function take care about enable/disable SELinuc
+ *
+ */
+void handleSELinuxPAM ()
+{
+ y2milestone("handleSELinuxPAM called");
+ if (Mode::normal() || Mode::installation())
+ {
+ if (BootCommon::enable_selinux)
+ {
+ y2milestone("call enableSELinuxPAM");
+ enableSELinuxPAM ();
+ } else {
+ y2milestone("call disableSELinuxPAM");
+ disableSELinuxPAM ();
+ }
+ } else {
+ y2milestone("Skip changing SELinux/AppArmor PAM config -> wrong mode");
+ }
+
+}
+
+
+/** Fate #309275 SELinux: enable pam_selinux when switching on SELinux in
yast2_bootloader
+ * Function enable SELinux
+ *
+ */
+void enableSELinuxPAM ()
+{
+ string cmd_enable_se = "pam-config -a --selinux 2>/dev/null";
+ string cmd_disable_aa = "pam-config -d --apparmor 2>/dev/null";
+
+ map out = (map) SCR::Execute (.target.bash, cmd_disable_aa);
+ y2debug("result of disabling the AppArmor PAM module is %1", out);
+
+ out = (map) SCR::Execute (.target.bash, cmd_enable_se);
+ y2debug("result of enabling the SELinux PAM module is %1", out);
+}
+
+/** Fate #309275 SELinux: enable pam_selinux when switching on SELinux in
yast2_bootloader
+ * Function disable SELinux
+ *
+ */
+void disableSELinuxPAM ()
+{
+ string cmd_disable_se = "pam-config -d --selinux 2>/dev/null";
+ string cmd_enable_aa = "pam-config -a --apparmor 2>/dev/null";
+
+ map out = (map) SCR::Execute (.target.bash, cmd_disable_se);
+ y2debug("result of disabling the SELinux PAM module is %1", out);
+
+ out = (map) SCR::Execute (.target.bash, cmd_enable_aa);
+ y2debug("result of enabling the AppArmor PAM module is %1", out);
+}
+
}

--
To unsubscribe, e-mail: yast-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: yast-commit+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages