mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Fix for issue #227
Older versions of selinux, such as the one deployed on rhel5, return a context of only user:role:type instead of user:role:type:level. This commit detects whether the tuple has three elements (old-style) or four. In the old-style case, it keeps the secontext list at three elements.
parent
bb1d72f2b4
commit
5c74a524b9
1 changed files with 25 additions and 15 deletions
40
library/file
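--- a/library/file
+++ b/library/file
@@ -87,6 +87,28 @@ def selinux_default_context(path, mode=0):
 debug("got default secontext=%s" % ret[1])
 return context
 
+def selinux_context(path):
+context = [None, None, None, None]
+if not HAVE_SELINUX:
+return context
+try:
+ret = selinux.lgetfilecon(path)
+except:
+fail_json(path=path, msg='failed to retrieve selinux context')
+if ret[0] == -1:
+return context
+context = ret[1].split(':')
+debug("got current secontext=%s" % ret[1])
+return context
+
+# Detect whether using selinux that is selevel-aware
+# FWIW, rhel5 is not selevel-aware.
+def selinux_has_selevel(path):
+r = True
+if len(selinux_context(path)) == 3:
+r = False
+return r
+
 # ===========================================
 
 argfile = sys.argv[1]
@@ -123,7 +145,9 @@ serole = params.get('serole', None)
 setype = params.get('setype', None)
 selevel = params.get('serange', 's0')
 context = params.get('context', None)
-secontext = [seuser, serole, setype, selevel]
+secontext = [seuser, serole, setype]
+if selinux_has_selevel(path):
+secontext.append(selevel)
 
 if context is not None:
 if context != 'default':
@@ -157,20 +181,6 @@ def user_and_group(filename):
 debug("got user=%s and group=%s" % (user, group))
 return (user, group)
 
-def selinux_context(path):
-context = [None, None, None, None]
-if not HAVE_SELINUX:
-return context
-try:
-ret = selinux.lgetfilecon(path)
-except:
-fail_json(path=path, msg='failed to retrieve selinux context')
-if ret[0] == -1:
-return context
-context = ret[1].split(':')
-debug("got current secontext=%s" % ret[1])
-return context
-
 def set_context_if_different(path, context, changed):
 if not HAVE_SELINUX:
 return changed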
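Review bot: `selinux_has_selevel(path)` infers level support from the target's own label, so any lookup that falls back to `[None, None, None, None]` (`ret[0] == -1`, or `HAVE_SELINUX` false) is reported as selevel-aware and the four-element `secontext` is built even on an old-style host. That matters if the path does not exist yet when the second hunk calls it; the state handling that would show this is outside the visible hunks, so treat it as something to confirm. A wrong element count here risks the requested label being compared or applied incorrectly, leaving the file with a context the playbook did not ask for. Probing a path that is known to exist (for example the parent directory) would make the detection independent of the target, and a comment such as `# a failed lookup yields four None entries and is treated as selevel-aware` on the `len(...) == 3` test would document the fallback. The bare `except:` in the moved `selinux_context` also catches `SystemExit` and `KeyboardInterrupt`; `except OSError:` would be narrower if that is what the binding raises.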