From bad0b469a5316b819908830d051be5222884b26c Mon Sep 17 00:00:00 2001 From: Martin Gracik Date: Fri, 1 Jun 2012 08:42:13 +0200 Subject: [PATCH] Use selinux python module to get enforcing mode No need to call getenforce via subprocess. --- lorax.spec | 32 +++++++++++++++++--------------- src/pylorax/__init__.py | 12 ++++-------- 2 files changed, 21 insertions(+), 23 deletions(-) diff --git a/lorax.spec b/lorax.spec index 02bdec4d..e2c4c534 100644 --- a/lorax.spec +++ b/lorax.spec @@ -11,24 +11,26 @@ URL: http://git.fedorahosted.org/git/?p=lorax.git Source0: https://fedorahosted.org/releases/l/o/%{name}/%{name}-%{version}.tar.gz BuildRequires: python2-devel -Requires: python-mako -Requires: gawk -Requires: glibc-common -Requires: cpio -Requires: module-init-tools -Requires: device-mapper -Requires: findutils + Requires: GConf2 -Requires: isomd5sum -Requires: glibc -Requires: util-linux +Requires: cpio +Requires: device-mapper Requires: dosfstools -Requires: genisoimage -Requires: parted -Requires: gzip -Requires: xz -Requires: squashfs-tools >= 4.2 Requires: e2fsprogs +Requires: findutils +Requires: gawk +Requires: genisoimage +Requires: glibc +Requires: glibc-common +Requires: gzip +Requires: isomd5sum +Requires: libselinux-python +Requires: module-init-tools +Requires: parted +Requires: python-mako +Requires: squashfs-tools >= 4.2 +Requires: util-linux +Requires: xz Requires: yum %ifarch %{ix86} x86_64 diff --git a/src/pylorax/__init__.py b/src/pylorax/__init__.py index 147fdbda..9f0131b0 100644 --- a/src/pylorax/__init__.py +++ b/src/pylorax/__init__.py @@ -36,6 +36,7 @@ import ConfigParser import tempfile import locale import subprocess +import selinux from base import BaseLoraxClass, DataHolder import output @@ -170,14 +171,9 @@ class Lorax(BaseLoraxClass): # is selinux disabled? logger.info("checking the selinux mode") - try: - seoutput = subprocess.check_output("/sbin/getenforce").strip() - except subprocess.CalledProcessError: - logger.error("could not get the selinux mode") - else: - if seoutput == "Enforcing": - logger.critical("selinux must be disabled or in Permissive mode") - sys.exit(1) + if selinux.security_getenforce(): + logger.critical("selinux must be disabled or in Permissive mode") + sys.exit(1) # do we have a proper yum base object? logger.info("checking yum base object")