From 4a64e6398e7cb3a415db0d790b0b4076715e51f6 Mon Sep 17 00:00:00 2001 From: PhilippeLeroux Date: Wed, 19 Sep 2018 18:14:16 +0200 Subject: [PATCH] =?UTF-8?q?Workaround=20:=20mise=20=C3=A0=20jour=20OS?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Lors d'une mise à jour la configuration SELinux pour named et dhcpd a été effacée. Ajout d'un script pour rappliquer la configuration après chaque mise à jour. dns/setup_SELinux.sh - Configure SELinux pour named et dhcpd dns/install/setup_dhcp_and_bind.sh - Appel du script setup_SELinux.sh yum/update_infra_server.sh - Appel du script setup_SELinux.sh
---
dns/install/setup_dhcp_and_bind.sh | 12 +------ dns/setup_SELinux.sh | 53 ++++++++++++++++++++++++++++++ yum/update_infra_server.sh | 4 +++ 3 files changed, 58 insertions(+), 11 deletions(-) create mode 100755 dns/setup_SELinux.sh
diff --git a/dns/install/setup_dhcp_and_bind.sh b/dns/install/setup_dhcp_and_bind.sh
index 971f857..a68b7d7 100755
--- a/dns/install/setup_dhcp_and_bind.sh
+++ b/dns/install/setup_dhcp_and_bind.sh
@@ -216,17 +216,7 @@ exec_cmd "rm -f /var/lib/dhcpd/dhcpd.leases" exec_cmd "touch /var/lib/dhcpd/dhcpd.leases" LN -line_separator -info "Setup selinux" -exec_cmd "chcon -R -t named_zone_t '/var/named/'" -exec_cmd "chcon -R -t dnssec_trigger_var_run_t '/var/named/'" -LN - -line_separator -info "Setup SELinux for named." -exec_cmd "setsebool -P named_write_master_zones true" -exec_cmd "chmod g=rwx /var/named" -LN +exec_cmd ~/plescripts/dns/setup_SELinux.sh info "Setup dhcpd to listen on $if_pub_name" exec_cmd "cp /usr/lib/systemd/system/dhcpd.service /etc/systemd/system/"
diff --git a/dns/setup_SELinux.sh b/dns/setup_SELinux.sh
new file mode 100755
index 0000000..e6e6339
--- /dev/null
+++ b/dns/setup_SELinux.sh
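Review bot: The added `exec_cmd ~/plescripts/dns/setup_SELinux.sh` call runs a script resolved through the caller's home directory, and the same call is added in the yum/update_infra_server.sh hunk; since the script changes SELinux state, both callers presumably run as root. It is worth confirming that ~/plescripts and the script itself are owned by root and not group- or world-writable, because anyone able to edit that file gets their commands run with root's rights at every update. The call is also passed unquoted while the neighbouring `exec_cmd` calls pass one quoted string; `exec_cmd "$HOME/plescripts/dns/setup_SELinux.sh"` would match them, assuming exec_cmd (defined in plelib.sh, outside this hunk) takes the command as a single string.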
@@ -0,0 +1,53 @@
+#!/bin/bash
+# vim: ts=4:sw=4
+
+. ~/plescripts/plelib.sh
+. ~/plescripts/global.cfg
+EXEC_CMD_ACTION=EXEC
+
+typeset -r ME=$0
+typeset -r PARAMS="$*"
+
+typeset -r str_usage=\
+"Usage : $ME
+
+Configure SELinux pour named et dhcpd.
+"
+
+typeset db=undef
+
+while [ $# -ne 0 ]
+do
+ case $1 in
+ -emul)
+ EXEC_CMD_ACTION=NOP
+ shift
+ ;;
+
+ -h|-help|help)
+ info "$str_usage"
+ LN
+ exit 1
+ ;;
+
+ *)
+ error "Arg '$1' invalid."
+ LN
+ info "$str_usage"
+ exit 1
+ ;;
+ esac
+done
+
+#ple_enable_log -params $PARAMS
+
+info "Setup selinux"
+exec_cmd "chcon -R -t named_zone_t '/var/named/'"
+exec_cmd "chcon -R -t dnssec_trigger_var_run_t '/var/named/'"
+LN
+
+line_separator
+info "Setup SELinux for named."
+exec_cmd "setsebool -P named_write_master_zones true"
+exec_cmd "chmod g=rwx /var/named"
+LN
diff --git a/yum/update_infra_server.sh b/yum/update_infra_server.sh
index 23c36ef..2782ce6 100755
--- a/yum/update_infra_server.sh
+++ b/yum/update_infra_server.sh
@@ -65,6 +65,10 @@ else LN fi +line_separator +info "Workaround : SELinux settings can be lost after update." +exec_cmd ~/plescripts/dns/setup_SELinux.sh + line_separator warning "From $client_hostname execute : reboot_vm $infra_hostname" LN
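Review bot: The second recursive `chcon` on /var/named replaces the type set by the first, so after this block the whole tree carries `dnssec_trigger_var_run_t` and the `named_zone_t` line has no lasting effect. `chcon` changes are also not recorded in the file-context database, so a relabel or `restorecon` puts the policy default back, which may be what the OS update did to the original settings. Recording the intended type with `exec_cmd "semanage fcontext -a -t <type> '/var/named(/.*)?'"` followed by `exec_cmd "restorecon -R /var/named"` would survive updates, where `<type>` is the type named actually needs rather than one borrowed from the dnssec-trigger domain. `chmod g=rwx /var/named` together with `named_write_master_zones` lets the named process rewrite every master zone file, so a header comment stating why that is required (presumably dynamic updates from dhcpd) would help a reviewer judge it. `typeset db=undef` is never read in this script and can be dropped.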
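Review bot: Nothing after the added `exec_cmd ~/plescripts/dns/setup_SELinux.sh` in yum/update_infra_server.sh confirms that the settings were actually restored before the operator is told to reboot the server. How exec_cmd reacts to a failing command is defined in plelib.sh and not visible here, so a failed relabel may go unnoticed until named logs denials after the reboot. Logging the resulting state, for example `exec_cmd "ls -dZ /var/named"` and `exec_cmd "getsebool named_write_master_zones"`, would make that visible in the update output. A comment above the call naming the update that wiped the configuration would also tell a later maintainer when the workaround can be removed. The if/else that precedes the added lines starts outside the hunk.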