Merge pull request #6281 from khm/allow-selinux-permissive

xcatprobe xcatmn: Allow selinux permissive
2025-05-30 17:46:38 +00:00 · 2019-05-05 11:11:58 +08:00 · 2019-05-05 11:11:58 +08:00 · 870a1c6f14
commit 870a1c6f14
parent b69322fc08 761eb497ca
2 changed files with 43 additions and 5 deletions
--- a/xCAT-probe/lib/perl/probe_utils.pm
+++ b/xCAT-probe/lib/perl/probe_utils.pm
@ -240,6 +240,33 @@ sub is_selinux_enable {

 #------------------------------------------

+=head3
+    Description:
+        Test if SELinux is enforcing in current operating system
+    Arguments:
+         None
+    Returns:
+        1 : yes
+        0 : no
+=cut
+
+#------------------------------------------
+sub is_selinux_enforcing {
+    if (-e "/usr/sbin/getenforce") {
+        my $enforce_mode = `/usr/sbin/getenforce`;
+        chomp $enforce_mode;
+        switch ($enforce_mode) {
+          case "Disabled" { return 0; }
+          case "Permissive" { return 0; }
+          case "Enforcing" { return 1; }
+          else { return 0; }
+    } else {
+        return 0;
+    }
+}
+
+#------------------------------------------
+
 =head3
    Description:
        Test if firewall is opened in current operating system
--- a/xCAT-probe/subcmds/xcatmn
+++ b/xCAT-probe/subcmds/xcatmn
@ -93,8 +93,9 @@ sub do_main_job {
    $rc |= $rst;

    #check if SElinux is disabled
-    $rst        = check_selinux(\$checkpoint, \@error);
-    print_check_result($checkpoint, "f", $rst, \@error);
+    ($rst, $flag) = check_selinux(\$checkpoint, \@error);
+    print_check_result($checkpoint, $flag, $rst, \@error);
+    $rst = 0 if ($flag == "w");
    $rc |= $rst;

    #check http service
@ -677,16 +678,26 @@ sub check_selinux {
    my $checkpoint_ref =  shift;
    my $error_ref = shift;
    my $rst       = 0;
+    my $flag      = "w";
+    my $msg       = "";

    $$checkpoint_ref = "Checking SELinux is disabled...";
    @$error_ref = ();

    if (probe_utils->is_selinux_enable()) {
-        push @$error_ref, "SELinux is enabled on current server";
+        $msg = "SELinux is enabled on current server";
        $rst = 1;
+        $flag = "w";
    }
-
-    return $rst;
+    if (probe_utils->is_selinux_enforcing()) {
+        $msg = "SELinux is enforcing on current server";
+        $rst = 1;
+        $flag = "f";
+    }
+    if ($rst) { 
+        push @error_ref, "$msg";
+    }
+    return ($rst, $flag);
 }

 sub check_firewall {