Workaround : mise à jour OS

Lors d'une mise à jour la configuration SELinux pour named et dhcpd a été effacée. Ajout d'un script pour rappliquer la configuration après chaque mise à jour. dns/setup_SELinux.sh - Configure SELinux pour named et dhcpd dns/install/setup_dhcp_and_bind.sh - Appel du script setup_SELinux.sh yum/update_infra_server.sh - Appel du script setup_SELinux.sh
PhilippeLeroux · Sep 19, 2018 · 4a64e63 · 4a64e63
1 parent af13e4f
commit 4a64e63
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 11 deletions.
diff --git a/dns/install/setup_dhcp_and_bind.sh b/dns/install/setup_dhcp_and_bind.sh
@@ -216,17 +216,7 @@ exec_cmd "rm -f /var/lib/dhcpd/dhcpd.leases"
 exec_cmd "touch /var/lib/dhcpd/dhcpd.leases"
 LN
 
-line_separator
-info "Setup selinux"
-exec_cmd "chcon -R -t named_zone_t '/var/named/'"
-exec_cmd "chcon -R -t dnssec_trigger_var_run_t '/var/named/'"
-LN
-
-line_separator
-info "Setup SELinux for named."
-exec_cmd "setsebool -P named_write_master_zones true"
-exec_cmd "chmod g=rwx /var/named"
-LN
+exec_cmd ~/plescripts/dns/setup_SELinux.sh
 
 info "Setup dhcpd to listen on $if_pub_name"
 exec_cmd "cp /usr/lib/systemd/system/dhcpd.service /etc/systemd/system/"

diff --git a/dns/setup_SELinux.sh b/dns/setup_SELinux.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+# vim: ts=4:sw=4
+
+. ~/plescripts/plelib.sh
+. ~/plescripts/global.cfg
+EXEC_CMD_ACTION=EXEC
+
+typeset	-r	ME=$0
+typeset	-r	PARAMS="$*"
+
+typeset	-r	str_usage=\
+"Usage : $ME
+
+Configure SELinux pour named et dhcpd.
+"
+
+typeset	db=undef
+
+while [ $# -ne 0 ]
+do
+	case $1 in
+		-emul)
+			EXEC_CMD_ACTION=NOP
+			shift
+			;;
+
+		-h|-help|help)
+			info "$str_usage"
+			LN
+			exit 1
+			;;
+
+		*)
+			error "Arg '$1' invalid."
+			LN
+			info "$str_usage"
+			exit 1
+			;;
+	esac
+done
+
+#ple_enable_log -params $PARAMS
+
+info "Setup selinux"
+exec_cmd "chcon -R -t named_zone_t '/var/named/'"
+exec_cmd "chcon -R -t dnssec_trigger_var_run_t '/var/named/'"
+LN
+
+line_separator
+info "Setup SELinux for named."
+exec_cmd "setsebool -P named_write_master_zones true"
+exec_cmd "chmod g=rwx /var/named"
+LN
diff --git a/yum/update_infra_server.sh b/yum/update_infra_server.sh
@@ -65,6 +65,10 @@ else
 	LN
 fi
 
+line_separator
+info "Workaround : SELinux settings can be lost after update."
+exec_cmd ~/plescripts/dns/setup_SELinux.sh
+
 line_separator
 warning "From $client_hostname execute : reboot_vm $infra_hostname"
 LN