Only check SELinux states if "getenforce" command exists
- Currently, if the SELinux config file exists, installed SELinux is assumed. - But removing e.g. an APT package via "apt-get remove" leaves config files in place, or they could be present for other reasons. - If the getenforce command is not present but the config file is, currently the installer exists without error message when calling getenforce due to "set -e". - With this change, the presence of getenforce command is checked first. If it is not present, selinux-utils is not installed, which is a core part of SELinux, pulled in by selinux-basics as well. So it can be assumed that no SELinux is active if this command is missing. Signed-off-by: MichaIng <micha@dietpi.com>
This commit is contained in:
parent
be25b4d9c4
commit
7d79cf5cce
|
@ -1980,9 +1980,9 @@ checkSelinux() {
|
||||||
local DEFAULT_SELINUX
|
local DEFAULT_SELINUX
|
||||||
local CURRENT_SELINUX
|
local CURRENT_SELINUX
|
||||||
local SELINUX_ENFORCING=0
|
local SELINUX_ENFORCING=0
|
||||||
# Check if a SELinux configuration file exists
|
# Check for SELinux configuration file and getenforce command
|
||||||
if [[ -f /etc/selinux/config ]]; then
|
if [[ -f /etc/selinux/config ]] && command -v getenforce &> /dev/null; then
|
||||||
# If a SELinux configuration file was found, check the default SELinux mode.
|
# Check the default SELinux mode
|
||||||
DEFAULT_SELINUX=$(awk -F= '/^SELINUX=/ {print $2}' /etc/selinux/config)
|
DEFAULT_SELINUX=$(awk -F= '/^SELINUX=/ {print $2}' /etc/selinux/config)
|
||||||
case "${DEFAULT_SELINUX,,}" in
|
case "${DEFAULT_SELINUX,,}" in
|
||||||
enforcing)
|
enforcing)
|
||||||
|
|
Loading…
Reference in New Issue