From 68f56e4f937753439db35d9f02758d9a7b63deee Mon Sep 17 00:00:00 2001
From: Samson-W
Date: Wed, 1 Jul 2020 02:42:49 +0800
Subject: [PATCH] Fix a bug for apply method of 4.6
---
 bin/hardening/4.6_enable_selinux.sh | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/bin/hardening/4.6_enable_selinux.sh b/bin/hardening/4.6_enable_selinux.sh
index eed88e7..ed1e086 100755
--- a/bin/hardening/4.6_enable_selinux.sh
+++ b/bin/hardening/4.6_enable_selinux.sh
@@ -104,7 +104,9 @@ audit () {
 }
 apply_debian () {
+ set +e
 check_aa_status
+ set -e
 if [ $FNRET = 0 ]; then
 ok "AppArmor was actived. So pass."
 return 0
@@ -112,7 +114,16 @@ apply_debian () {
 case $FNRET in
 0) ok "SELinux is active and in Enforcing mode."
 ;;
- 1) warn "$PACKAGE is not installed, install $PACKAGES"
+ 2) warn "Set SELinux to activate, and need reboot"
+ selinux-activate
+ warn "Set SELinux to enforcing mode, and need reboot"
+ replace_in_file $SELINUXCONF_FILE 'SELINUX=.*' $SELINUXENFORCE_MODE
+ ;;
+ 3) warn "Set SELinux to enforcing mode, and need reboot"
+ replace_in_file $SELINUXCONF_FILE 'SELINUX=.*' $SELINUXENFORCE_MODE
+ ;;
+ # When return 1 or 5
+ *) warn "$PACKAGE is not installed, install $PACKAGES"
 for PACKAGE in ${PACKAGES}
 do
 install_package $PACKAGE
@@ -122,14 +133,6 @@ apply_debian () {
 warn "Set SELinux to enforcing mode, and need reboot"
 replace_in_file $SELINUXCONF_FILE 'SELINUX=.*' $SELINUXENFORCE_MODE
 ;;
- 2) warn "Set SELinux to activate, and need reboot"
- selinux-activate
- warn "Set SELinux to enforcing mode, and need reboot"
- replace_in_file $SELINUXCONF_FILE 'SELINUX=.*' $SELINUXENFORCE_MODE
- ;;
- 3) warn "Set SELinux to enforcing mode, and need reboot"
- replace_in_file $SELINUXCONF_FILE 'SELINUX=.*' $SELINUXENFORCE_MODE
- ;;
 esac
 }
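Review bot: Wrapping `check_aa_status` in `set +e` / `set -e` means a failure inside that helper no longer stops the script, so the `$FNRET` test that follows can read whatever value an earlier check left in that variable. If the leftover value is 0, the function reports "AppArmor was actived. So pass." and returns without touching SELinux, which is the wrong direction for a hardening control to fail. I would clear the variable first and avoid toggling the shell option, e.g. `FNRET=""` followed by `check_aa_status || true`, and quote the test as `[ "$FNRET" = 0 ]`. The `set -e` line also turns errexit on even when the caller had it off. check_aa_status is defined outside this hunk, so whether it can fail before assigning FNRET is inferred, and apply_debian continues past the end of the hunk.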
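Review bot: The new `*)` arm runs the package install and the config rewrite for every status other than 0, 2 and 3, although the comment above it says it is meant for 1 or 5 only; an empty or unexpected `$FNRET` would therefore install packages and rewrite `$SELINUXCONF_FILE`. Matching the documented codes with `1|5)` and adding `*) warn "Unexpected status $FNRET, nothing applied" ;;` keeps an unknown state from changing the system. In the same arm, `$PACKAGE` is expanded in the warn message before the `for PACKAGE` loop assigns it, so the message probably names nothing or a leftover value. The `replace_in_file` arguments are unquoted and the pattern `'SELINUX=.*'` is unanchored, so, depending on how replace_in_file matches (not visible here), it may also rewrite a comment line that contains `SELINUX=`. This hunk sits in the middle of apply_debian; the `case` closes in the next hunk.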