remove the selinux filpping code in propagate_ssh_key

Description of problem: Previously with selinux in enforcing mode, could prevent ssh-keygen from generating keys. Support for selinux policy for allowing applications to access ssh-keygen for generating ssh keys was added in selinux-policy-3.7.19-126.el6_2.6. Solutions: Because of the context was added for ssh key generation, so the keys were generated without fliping from enforcing mode to permissive mode for ssh key generation. This patch removes selinux code which switches between enforcing and permissive modes. Signed-off-by: arthur <zzou@redhat.com> Acked-by: Vivek Goyal <vgoyal@redhat.com>
2014-02-17 15:34:13 +08:00 · 2014-02-17 15:34:13 +08:00 · 5dac95bbad
commit 5dac95bbad
parent 7c99869b79
1 changed files with 0 additions and 12 deletions
--- a/12
+++ b/12
@ -343,13 +343,6 @@ function propagate_ssh_key()
 		exit 1
 	fi

-	#Check if selinux is on... must flip to permissive mode
-	#for the moment to create key, then flip back...
-	se_enforce=`/usr/sbin/sestatus | grep -c "^Current mode.*enforcing"`
-	if [ "$se_enforce" -ge 1 ]; then
-		/usr/sbin/setenforce 0 2>&1 > /dev/null
-	fi
-
 	local KEYFILE=$SSH_KEY_LOCATION
 	local errmsg="Failed to propagate ssh key"

@ -362,11 +355,6 @@ function propagate_ssh_key()
 		echo "done."
 	fi

-	#If necessary, flip selinux back to enforcing
-	if [ "$se_enforce" -ge 1 ]; then
-		/usr/sbin/setenforce 1 2>&1 > /dev/null
-	fi
-	
 	#now find the target ssh user and server to contact.
 	SSH_USER=`echo $DUMP_TARGET | cut -d\  -f2 | cut -d@ -f1`
 	SSH_SERVER=`echo $DUMP_TARGET | sed -e's/\(.*@\)\(.*$\)/\2/'`