root/foreman-selinux-disable @ 1cc18be4
| 983ed4ff | Lukas Zapletal | #!/bin/bash
|
|
| 7a59c903 | Lukas Zapletal | set +e
|
|
| 983ed4ff | Lukas Zapletal | ||
| 6d3fbe86 | Lukas Zapletal | LIBEXEC_DIR=/usr/libexec/foreman-selinux
|
|
| 1cc18be4 | Lukas Zapletal | LOG=/var/log/foreman-selinux-install.log
|
|
| 6d3fbe86 | Lukas Zapletal | ||
# Run hooks
|
|||
find ${LIBEXEC_DIR} -name \*-before-disable.sh -type f -executable -exec /usr/bin/bash '{}' \;
|
|||
| ae6f1a69 | Lukas Zapletal | # Unload foreman policy and set booleans. Dependant booleans must be managed in
|
|
# a separate transaction. Do not forget to edit countepart file
|
|||
# (enable/disable) when updating this script.
|
|||
| 983ed4ff | Lukas Zapletal | for selinuxvariant in targeted
|
|
do
|
|||
| ae6f1a69 | Lukas Zapletal | if /usr/sbin/semodule -s $selinuxvariant -l >/dev/null; then
|
|
| 1cc18be4 | Lukas Zapletal | # Create log entry
|
|
echo "$(date) $0" >> $LOG
|
|||
| ae6f1a69 | Lukas Zapletal | # Remove all user defined ports (including the default one)
|
|
| c1669217 | Lukáš Zapletal | # (docker and elastic can be removed in future release)
|
|
| ae6f1a69 | Lukas Zapletal | /usr/sbin/semanage port -E | \
|
|
| 856752a8 | Lukas Zapletal | grep -E '(elasticsearch|docker|foreman_.*)_port_t' | \
|
|
| ae6f1a69 | Lukas Zapletal | sed s/-a/-d/g | \
|
|
| 1cc18be4 | Lukas Zapletal | tee -a $LOG | \
|
|
| ae6f1a69 | Lukas Zapletal | /usr/sbin/semanage -S $selinuxvariant -i -
|
|
# Unload policy
|
|||
/usr/sbin/semodule -s $selinuxvariant -r foreman
|
|||
fi
|
|||
| 983ed4ff | Lukas Zapletal | done
|
|
| 6d3fbe86 | Lukas Zapletal | ||
# Run hooks
|
|||
find ${LIBEXEC_DIR} -name \*-after-disable.sh -type f -executable -exec /usr/bin/bash '{}' \;
|
|||
exit 0
|