livemedia-creator: Check selinux state and exit

lmc --no-virt was switching selinux to permissive if it was enforcing
and restoring it when done. This works fine when it is the only session
running, but would cause problems if several sessions were run in parallel.

It now only checks the state and exits with an error if it isn't already
disabled or in Permissive mode.

Users will need to run setenforce 0 before running lmc.
Brian C. Lane 2016-03-24 14:10:14 -07:00
parent a7fb48d0da
commit b91e79d9bc


@ -32,6 +32,7 @@ import glob
import json import json
from math import ceil from math import ceil
import socket import socket
import selinux
# Use pykickstart to calculate disk image size # Use pykickstart to calculate disk image size
from pykickstart.parser import KickstartParser from pykickstart.parser import KickstartParser
@ -663,19 +664,11 @@ def novirt_install(opts, disk_img, disk_size):
:param str disk_img: The full path to the disk image to be created :param str disk_img: The full path to the disk image to be created
:param int disk_size: The size of the disk_img in MiB :param int disk_size: The size of the disk_img in MiB
This method makes sure SELinux is permissive during the install, runs anaconda This method runs anaconda to create the image and then based on the opts
to create the image and then based on the opts passed create a qemu disk image passed creates a qemu disk image or tarfile.
or tarfile.
""" """
import selinux
dirinstall_path = ROOT_PATH dirinstall_path = ROOT_PATH
# Set selinux to Permissive if it is Enforcing
selinux_enforcing = False
if selinux.is_selinux_enabled() and selinux.security_getenforce():
selinux_enforcing = True
selinux.security_setenforce(0)
# Clean up /tmp/ from previous runs to prevent stale info from being used # Clean up /tmp/ from previous runs to prevent stale info from being used
for path in ["/tmp/yum.repos.d/", "/tmp/yum.cache/"]: for path in ["/tmp/yum.repos.d/", "/tmp/yum.cache/"]:
if os.path.isdir(path): if os.path.isdir(path):
@ -763,9 +756,6 @@ def novirt_install(opts, disk_img, disk_size):
dm_detach(dm_path) dm_detach(dm_path)
loop_detach(get_loop_name(disk_img)) loop_detach(get_loop_name(disk_img))
if selinux_enforcing:
selinux.security_setenforce(1)
# qemu disk image is used by bare qcow2 images and by Vagrant # qemu disk image is used by bare qcow2 images and by Vagrant
if opts.image_type: if opts.image_type:
log.info("Converting %s to %s", disk_img, opts.image_type) log.info("Converting %s to %s", disk_img, opts.image_type)
@ -1153,6 +1143,10 @@ def main():
and not os.path.exists("/usr/sbin/anaconda"): and not os.path.exists("/usr/sbin/anaconda"):
errors.append("no-virt requires anaconda to be installed.") errors.append("no-virt requires anaconda to be installed.")
if is_install and opts.no_virt:
if selinux.is_selinux_enabled() and selinux.security_getenforce():
errors.append("selinux must be disabled or in Permissive mode.")
if opts.make_appliance and not opts.app_template: if opts.make_appliance and not opts.app_template:
opts.app_template = joinpaths(opts.lorax_templates, opts.app_template = joinpaths(opts.lorax_templates,
"appliance/libvirt.tmpl") "appliance/libvirt.tmpl")
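Review bot: The new check under `if is_install and opts.no_virt:` in main() only reports that selinux must be disabled or permissive, and with the restore removed from novirt_install() nothing returns the host to Enforcing after the run, so a build host can stay permissive indefinitely. I would make the message actionable and name the follow-up, e.g. `errors.append("selinux must be disabled or in Permissive mode. Run 'setenforce 0' before lmc and 'setenforce 1' when it finishes.")`, and add a line to the novirt_install() docstring stating the precondition. Separately, the module-level `import selinux` in the first hunk makes the binding a requirement for every invocation, including virt runs that never reach this check; importing it inside the no_virt branch would keep the old lazy behaviour. The state is also sampled once at startup, so a mode change during a long install would presumably still break the run. main() starts and ends outside the hunk.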