Use selinux python module to get enforcing mode

No need to call getenforce via subprocess.
This commit is contained in:
Martin Gracik 2012-06-01 08:42:13 +02:00
parent dd7536a711
commit bad0b469a5
2 changed files with 21 additions and 23 deletions

View File

@ -11,24 +11,26 @@ URL: http://git.fedorahosted.org/git/?p=lorax.git
Source0: https://fedorahosted.org/releases/l/o/%{name}/%{name}-%{version}.tar.gz
BuildRequires: python2-devel
Requires: python-mako
Requires: gawk
Requires: glibc-common
Requires: cpio
Requires: module-init-tools
Requires: device-mapper
Requires: findutils
Requires: GConf2
Requires: isomd5sum
Requires: glibc
Requires: util-linux
Requires: cpio
Requires: device-mapper
Requires: dosfstools
Requires: genisoimage
Requires: parted
Requires: gzip
Requires: xz
Requires: squashfs-tools >= 4.2
Requires: e2fsprogs
Requires: findutils
Requires: gawk
Requires: genisoimage
Requires: glibc
Requires: glibc-common
Requires: gzip
Requires: isomd5sum
Requires: libselinux-python
Requires: module-init-tools
Requires: parted
Requires: python-mako
Requires: squashfs-tools >= 4.2
Requires: util-linux
Requires: xz
Requires: yum
%ifarch %{ix86} x86_64

View File

@ -36,6 +36,7 @@ import ConfigParser
import tempfile
import locale
import subprocess
import selinux
from base import BaseLoraxClass, DataHolder
import output
@ -170,14 +171,9 @@ class Lorax(BaseLoraxClass):
# is selinux disabled?
logger.info("checking the selinux mode")
try:
seoutput = subprocess.check_output("/sbin/getenforce").strip()
except subprocess.CalledProcessError:
logger.error("could not get the selinux mode")
else:
if seoutput == "Enforcing":
logger.critical("selinux must be disabled or in Permissive mode")
sys.exit(1)
if selinux.security_getenforce():
logger.critical("selinux must be disabled or in Permissive mode")
sys.exit(1)
# do we have a proper yum base object?
logger.info("checking yum base object")