Only check SELinux states if "getenforce" command exists

- Currently, if the SELinux config file exists, installed SELinux is assumed.
- But removing e.g. an APT package via "apt-get remove" leaves config files in place, or they could be present for other reasons.
- If the getenforce command is not present but the config file is, currently the installer exits without an error message when calling getenforce due to "set -e".
- With this change, the presence of the getenforce command is checked first. If it is not present, selinux-utils is not installed, which is a core part of SELinux, pulled in by selinux-basics as well. So it can be assumed that no SELinux is active if this command is missing.

Signed-off-by: MichaIng <micha@dietpi.com>
pull/3353/head
MichaIng 4 years ago committed by GitHub
parent be25b4d9c4
commit 7d79cf5cce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1980,9 +1980,9 @@ checkSelinux() {
local DEFAULT_SELINUX
local CURRENT_SELINUX
local SELINUX_ENFORCING=0
# Check if a SELinux configuration file exists
if [[ -f /etc/selinux/config ]]; then
# If a SELinux configuration file was found, check the default SELinux mode.
# Check for SELinux configuration file and getenforce command
if [[ -f /etc/selinux/config ]] && command -v getenforce &> /dev/null; then
# Check the default SELinux mode
DEFAULT_SELINUX=$(awk -F= '/^SELINUX=/ {print $2}' /etc/selinux/config)
case "${DEFAULT_SELINUX,,}" in
enforcing)
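Review bot: In the new condition `if [[ -f /etc/selinux/config ]] && command -v getenforce &> /dev/null; then`, a host that has the config file but no getenforce now skips the whole SELinux check without any output, so the earlier silent exit becomes a silent pass. Consider adding a branch for the "config present, getenforce missing" case that prints an informational line saying the check was skipped and why, so that a leftover config file is visible in the install log. The new comment would also be more useful if it stated the reason given in the commit message (config files can remain after the package is removed) rather than only restating the test. If the absence of the userland tool is not considered sufficient evidence that SELinux is inactive, the kernel state can be read from /sys/fs/selinux/enforce when selinuxfs is mounted, which does not depend on selinux-utils.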
