mirror of
https://github.com/pi-hole/pi-hole
synced 2024-12-22 06:48:07 +00:00
Only check SELinux states if "getenforce" command exists
- Currently, if the SELinux config file exists, installed SELinux is assumed. - But removing e.g. an APT package via "apt-get remove" leaves config files in place, or they could be present for other reasons. - If the getenforce command is not present but the config file is, currently the installer exists without error message when calling getenforce due to "set -e". - With this change, the presence of getenforce command is checked first. If it is not present, selinux-utils is not installed, which is a core part of SELinux, pulled in by selinux-basics as well. So it can be assumed that no SELinux is active if this command is missing. Signed-off-by: MichaIng <micha@dietpi.com>
This commit is contained in:
parent
be25b4d9c4
commit
7d79cf5cce
@ -1980,9 +1980,9 @@ checkSelinux() {
|
||||
local DEFAULT_SELINUX
|
||||
local CURRENT_SELINUX
|
||||
local SELINUX_ENFORCING=0
|
||||
# Check if a SELinux configuration file exists
|
||||
if [[ -f /etc/selinux/config ]]; then
|
||||
# If a SELinux configuration file was found, check the default SELinux mode.
|
||||
# Check for SELinux configuration file and getenforce command
|
||||
if [[ -f /etc/selinux/config ]] && command -v getenforce &> /dev/null; then
|
||||
# Check the default SELinux mode
|
||||
DEFAULT_SELINUX=$(awk -F= '/^SELINUX=/ {print $2}' /etc/selinux/config)
|
||||
case "${DEFAULT_SELINUX,,}" in
|
||||
enforcing)
|
||||
|
Loading…
Reference in New Issue
Block a user