Merge pull request #639 from Kegeruneku/arch_6517/int/6517_selinux_co…

…mpatibility

Fixes #6517: Add initial SELinux support

rudder-webapp/SPECS/rudder-webapp.spec

@@ -400,6 +400,19 @@ if [ ! -f /opt/rudder/etc/ssl/rudder-webapp.crt ] || [ ! -f /opt/rudder/etc/ssl/
 	echo " Done"
 fi
 
+# SELinux support
+# Check "sestatus" presence, and if here, probe if SELinux
+# is enabled. If so, then tweak our installation to be
+# SELinux compliant
+if type sestatus >/dev/null 2>&1
+  if [ $(LANG=C sestatus | grep -cE "SELinux status:.*enabled") -ne 0 ]
+  then
+    # Adjust the inventory directories SELinux context
+    chcon -R --type=httpd_sys_content_t /var/rudder/inventories/incoming
+    chcon -R --type=httpd_sys_content_t /var/rudder/inventories/accepted-nodes-updates
+  fi
+fi
+
 echo -n "INFO: Starting Apache HTTPd..."
 service %{apache} start >/dev/null 2>&1
 echo " Done"

rudder-webapp/debian/postinst

@@ -89,6 +89,19 @@ case "$1" in
     echo " Done"
   fi
 
+  # SELinux support
+  # Check "sestatus" presence, and if here, probe if SELinux
+  # is enabled. If so, then tweak our installation to be
+  # SELinux compliant
+  if type sestatus >/dev/null 2>&1
+    if [ $(LANG=C sestatus | grep -cE "SELinux status:.*enabled") -ne 0 ]
+    then
+      # Adjust the inventory directories SELinux context
+      chcon -R --type=httpd_sys_content_t /var/rudder/inventories/incoming
+      chcon -R --type=httpd_sys_content_t /var/rudder/inventories/accepted-nodes-updates
+    fi
+  fi
+
   echo -n "INFO: Restarting Apache HTTPd..."
   /etc/init.d/apache2 restart >/dev/null 2>&1
   echo " Done"