Package selinux-policy-alt: Скрипты

Post install

# Workaround for a 'semodule' bug (marked XXX by the packager): create the
# local file-contexts file of the 'alt' store before semodule is called below.
alt_contexts_dir=/etc/selinux/alt/contexts/files
mkdir -p "$alt_contexts_dir"
touch "$alt_contexts_dir/file_contexts.local"
# XXX

# Report the SELinux mode and status the scriptlet starts from.
# Possible cases:
# 1. SELinux is enabled, enforcing is on, current policy is active
# 2. SELinux is enabled, enforcing is off, current policy is active
# 3. SELinux is enabled, enforcing is on, another policy is active
# 4. SELinux is enabled, enforcing is off, another policy is active
# 5. SELinux is disabled
# This block only prints the state; it takes no action on it.

enforce_mode="$(getenforce)"
echo -e "\tCurrent SeLinux enforce mode is: $enforce_mode"

# selinuxenabled exits non-zero when SELinux is off.
selinuxenabled || echo -e "\tSeLinux is disabled."

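# Cleanup previous modules. Existing modules may be a problem to install base policy.
# Every module listed for the 'alt' store is removed, third-party and locally
# added ones included; site-specific rules they carried are gone afterwards and
# have to be reinstalled by the administrator.
# The sed filter keeps only 'semodule -l' lines that contain an x.y.z version
# and cuts each line at the first whitespace, leaving the module name.
# NOTE(review): if the installed semodule prints names without versions, the
# filter matches nothing and no module is removed - confirm against the
# policycoreutils version in use.
modules="$(semodule -l -s alt | sed -n -e '/[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+/ s/[[:space:]].*$//p' | tr '\n' ' ' )"
if [ -n "${modules// /}" ]; then
    echo -e "\tRemove all current (even 3rd party) modules for 'alt' policy:"
fi
# Word splitting of $modules is intentional: it is a space-separated name list.
for i in $modules; do
    echo -e "\t\t* Remove previous module '$i'"
    # -n: do not reload the policy after the removal.
    # A failed removal is reported instead of being silently ignored.
    if ! semodule -n -s alt -r "$i"; then
        echo -e "\t\t  Warning: failed to remove module '$i'" >&2
    fi
done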

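# Always install new policy (-n: no policy reload after the transaction).
# The scriptlet ends with 'exit 0', so rpm never sees a semodule failure;
# the warnings on stderr are the only trace that the store is incomplete.
if ! semodule -n -s alt -b /usr/share/selinux/alt/base.pp; then
    echo -e "\tWarning: failed to install base policy '/usr/share/selinux/alt/base.pp'" >&2
fi

# Always install all modules
echo -e "\tActivate modules for 'alt' policy:"
for i in /usr/share/selinux/alt/modules/*.pp; do
    # An unmatched glob stays literal; do not pass the pattern to semodule.
    [ -e "$i" ] || continue
    echo -e "\t\t* Install module '${i##*/}'"
    if ! semodule -n -s alt -i "$i"; then
        echo -e "\t\t  Warning: failed to install module '${i##*/}'" >&2
    fi
done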

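# Policy name as reported by sestatus: the last whitespace-separated field of
# the line containing "policy name"; empty when sestatus prints no such line.
policy_name_active="$(sestatus | sed -n -e '/policy name/ s/^.\+[[:space:]]//p')"
# Upgrade
# The semodule calls earlier in this scriptlet all use -n, so the running
# kernel presumably keeps the previously loaded policy until the reboot
# requested here.
# "${1:-0}" keeps the numeric test quiet if the scriptlet is run without
# the argument rpm normally passes.
if [ "${1:-0}" -eq 2 ] && [ "$policy_name_active" = "alt" ]; then
    echo -e "\tSeLinux policy has been updated. Please do a reboot."
fi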

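# XXX: suppose there are no other working policy.
# Install
# Security note: this branch rewrites /etc/selinux/config unconditionally.
# A host that was enforcing under another policy boots permissive under 'alt'
# afterwards: denials are logged but no longer blocked. Switching to enforcing
# is left to the administrator, after the relabel has finished and the audit
# log has been reviewed.
if [ "${1:-0}" -eq 1 ]; then
    echo "Warning:"
    echo -e "\tSeLinux config '/etc/selinux/config' is updated with 'SELINUX=permissive'"
    # Make the replacement visible when another policy is in use. Both
    # variables are set earlier in the scriptlet; the defaults keep this
    # block harmless if they are empty.
    if [ -n "${policy_name_active:-}" ] && [ "$policy_name_active" != "alt" ]; then
        echo -e "\tPolicy '$policy_name_active' is currently active (mode: ${enforce_mode:-unknown})."
        echo -e "\tAfter reboot it is replaced by policy 'alt' in permissive mode."
    fi
    # shell-config is sourced in a subshell so its functions do not leak into
    # the scriptlet; '.' resolves the file through PATH.
    ( . shell-config; shell_config_set "/etc/selinux/config" "SELINUX" "permissive" )
    ( . shell-config; shell_config_set "/etc/selinux/config" "SELINUXTYPE" "alt" )

    # Relabel all FileSystem
    echo -e "\tMake sure to:"
    echo -e "\t\t * Enable SeLinux in kernel."
    echo -e "\t\t * Configure PAM for SeLinux."
    echo -e "\tIt is necessary to relabel FS. Please do a reboot."
    echo -e "\tFor more information visit: http://www.altlinux.org/sl"
    # Marker file asking for a full filesystem relabel on the next boot.
    touch /.autorelabel
fi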

exit 0 # End of %post section

#
# %preun
#
Pre uninstall

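# Policy name as reported by sestatus: the last whitespace-separated field of
# the line containing "policy name"; empty when sestatus prints no such line.
policy_name_active="$(sestatus | sed -n -e '/policy name/ s/^.\+[[:space:]]//p')"

# The last version of a package is erased
# "${1:-}" makes a missing argument compare unequal to 0, so running the
# scriptlet without arguments never triggers the cleanup.
if [ "${1:-}" = 0 ]; then
    # Cleanup installed modules
    # Every module listed for the 'alt' store is removed, third-party ones
    # included. The sed filter keeps only lines with an x.y.z version.
    # NOTE(review): if semodule prints names without versions, nothing is
    # matched and nothing is removed - confirm against the installed version.
    modules="$(semodule -l -s alt | sed -n -e '/[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+/ s/[[:space:]].*$//p' | tr '\n' ' ' )"
    if [ -n "${modules// /}" ]; then
        echo -e "\tCleanup all installed (even 3rd party) modules for 'alt' policy:"
    fi
    # Word splitting of $modules is intentional: space-separated name list.
    for i in $modules; do
        echo -e "\t\t* Cleanup module '$i'"
        # A failed removal is reported instead of being silently ignored.
        if ! semodule -n -s alt -r "$i"; then
            echo -e "\t\t  Warning: failed to remove module '$i'" >&2
        fi
    done
    if [ "$policy_name_active" = "alt" ]; then
        # Security note: SELINUX=disabled is written to the config, so after
        # the next boot the host runs without SELinux until the administrator
        # installs another policy and re-enables it. SELINUXTYPE is left
        # untouched here.
        echo "Warning:"
        echo -e "\tSeLinux is disabled in config: /etc/selinux/config"
        ( . shell-config; shell_config_set "/etc/selinux/config" "SELINUX" "disabled" )
        echo -e "\tSeLinux policy package '$policy_name_active' is uninstalled completely."
        echo -e "\tPlease reboot computer as soon as possible."
    fi
fi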

exit 0 # End of %preun section