Merge branch 'new/bug11137'
[koha.git] / misc / bin / set-selinux-labels.sh
blob43cbd47a72de23a0b2fbadc4961a36a10c9a57bd
1 #!/bin/sh
3 # This script changes selinux file labels for cgi scripts.
4 # It may be useful for Linux installations with SELinux (like CentOS, Fedora,
5 # RedHat among others) and having it enabled (enforcing mode).
7 # Copyright 2012 Rijksmuseum
9 # This file is part of Koha.
11 # Koha is free software; you can redistribute it and/or modify it under the
12 # terms of the GNU General Public License as published by the Free Software
13 # Foundation; either version 2 of the License, or (at your option) any later
14 # version.
16 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
17 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
18 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
20 # You should have received a copy of the GNU General Public License along
21 # with Koha; if not, write to the Free Software Foundation, Inc.,
22 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 usage() {
25 echo "Usage: set-selinux-labels [-h] [-u] [-r] [-s] [-v]"
26 echo " -h prints help information."
27 echo " -u updates the selinux label for scripts in Koha installation."
28 echo " Note: you should be in the root directory of a Koha install."
29 echo " -r uses restorecon on scripts to restore default label."
30 echo " -s shows all files (incl. scripts), not having default label."
31 echo " -v provides (verbose) diagnostics per file (for update/restore)."
32 echo
33 echo "The output of -s may be confusing, but it does not reset any labels. It only prints informational messages from restorecon with -n flag."
36 updatelabel() {
37 #Now set perl scripts to httpd_sys_script_exec_t
38 #We skip scripts in: misc docs t xt and atomicupdate
39 find -name "*.pl" -and ! -path "./docs/*" -and ! -path "./misc/*" -and ! -path "./t/*" -and ! -path "./xt/*" -and ! -path "./installer/data/mysql/atomicupdate/*" | xargs chcon $verbose -t httpd_sys_script_exec_t
41 #Handle exceptions to the rule: scripts without .pl
42 chcon $verbose -t httpd_sys_script_exec_t opac/unapi
43 find opac/svc -type f | xargs chcon $verbose -t httpd_sys_script_exec_t
44 find svc -type f | xargs chcon $verbose -t httpd_sys_script_exec_t
47 restorelabel() {
48 find -name "*.pl" -and ! -path "./docs/*" -and ! -path "./misc/*" -and ! -path "./t/*" -and ! -path "./xt/*" -and ! -path "./installer/data/mysql/atomicupdate/*" | xargs restorecon $verbose
49 restorecon $verbose opac/unapi
50 find opac/svc -type f | xargs restorecon $verbose
51 find svc -type f | xargs restorecon $verbose
54 showlabel() {
55 restorecon -r -n -v *
58 #First: check on chcon xargs restorecon
59 chcon --help >/dev/null 2>&1
60 retval=$?
61 if [ $retval -ne 0 ]; then
62 echo "Chcon command not found. Exiting script now.";
63 exit;
65 xargs --help >/dev/null 2>&1
66 retval=$?
67 if [ $retval -ne 0 ]; then
68 echo "Xargs command not found. Exiting script now.";
69 exit;
71 restorecon -n >/dev/null 2>&1
72 retval=$?
73 if [ $retval -ne 0 ]; then
74 echo "Restorecon command not found. Exiting script now.";
75 exit;
78 #No arguments?
79 if [ $# -eq 0 ]; then
80 usage
81 exit
84 #Check command line options
85 restore=0
86 show=0
87 update=0
88 verbose=
89 while getopts "hrsuv" option; do
90 case $option in
92 usage
93 exit;;
95 restore=1;;
97 show=1;;
99 update=1;;
101 verbose="-v";;
102 esac
103 done
105 #Check if you are on root level of Koha installation
106 if [ ! -e kohaversion.pl ]; then
107 echo "You are not in root directory of Koha install. Cannot continue. Bye.";
108 exit;
111 #Cannot update and restore together
112 if [ $update -eq 1 ] && [ $restore -eq 1 ]; then
113 echo "You cannot run update and restore at the same time."
114 exit;
117 #Now run the job or print usage
118 if [ $update -eq 1 ]; then updatelabel; exit; fi
119 if [ $restore -eq 1 ]; then restorelabel; exit; fi
120 if [ $show -eq 1 ]; then showlabel; exit; fi
121 usage