Verify selinux status before downloading

pull/1124/head
Johan Kok 2019-11-23 13:03:40 +01:00 committed by GitHub
parent 18bd921cdd
commit 51f8a1a0b9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 9 deletions

View File

@ -271,6 +271,15 @@ verify_downloader() {
return 0 return 0
} }
# --- verify existence of semanage when SELinux is enabled ---
verify_semanage() {
if [ -x "$(which getenforce)" ]; then
if [ "Disabled" != $(getenforce) ] && [ ! -x "$(which semanage)" ]; then
fatal 'SELinux is enabled but semanage is not found'
fi
fi
}
# --- create tempory directory and cleanup when done --- # --- create tempory directory and cleanup when done ---
setup_tmp() { setup_tmp() {
TMP_DIR=$(mktemp -d -t k3s-install.XXXXXXXXXX) TMP_DIR=$(mktemp -d -t k3s-install.XXXXXXXXXX)
@ -374,15 +383,11 @@ setup_binary() {
if command -v getenforce > /dev/null 2>&1; then if command -v getenforce > /dev/null 2>&1; then
if [ "Disabled" != $(getenforce) ]; then if [ "Disabled" != $(getenforce) ]; then
if command -v semanage > /dev/null 2>&1; then info 'SELinux is enabled, setting permissions'
info 'SELinux is enabled, setting permissions' if ! $SUDO semanage fcontext -l | grep "${BIN_DIR}/k3s" > /dev/null 2>&1; then
if ! $SUDO semanage fcontext -l | grep "${BIN_DIR}/k3s" > /dev/null 2>&1; then $SUDO semanage fcontext -a -t bin_t "${BIN_DIR}/k3s"
$SUDO semanage fcontext -a -t bin_t "${BIN_DIR}/k3s" fi
fi $SUDO restorecon -v ${BIN_DIR}/k3s > /dev/null
$SUDO restorecon -v ${BIN_DIR}/k3s > /dev/null
else
fatal 'SELinux is enabled but semanage is not found'
fi
fi fi
fi fi
} }
@ -397,6 +402,7 @@ download_and_verify() {
setup_verify_arch setup_verify_arch
verify_downloader curl || verify_downloader wget || fatal 'Can not find curl or wget for downloading files' verify_downloader curl || verify_downloader wget || fatal 'Can not find curl or wget for downloading files'
verify_semanage
setup_tmp setup_tmp
get_release_version get_release_version
download_hash download_hash