From 7d79cf5cce6be318adbab4d3fa2429b1fc919c93 Mon Sep 17 00:00:00 2001
From: MichaIng
Date: Tue, 12 May 2020 23:45:56 +0200
Subject: [PATCH] Only check SELinux states if "getenforce" command exists
- Currently, if the SELinux config file exists, installed SELinux is assumed.
- But removing e.g. an APT package via "apt-get remove" leaves config files in place, or they could be present for other reasons.
- If the getenforce command is not present but the config file is, currently the installer exists without error message when calling getenforce due to "set -e".
- With this change, the presence of getenforce command is checked first. If it is not present, selinux-utils is not installed, which is a core part of SELinux, pulled in by selinux-basics as well. So it can be assumed that no SELinux is active if this command is missing.
Signed-off-by: MichaIng
---
 automated install/basic-install.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/automated install/basic-install.sh b/automated install/basic-install.sh
index 904d41ad..e1c21330 100755
--- a/automated install/basic-install.sh
+++ b/automated install/basic-install.sh
@@ -1980,9 +1980,9 @@ checkSelinux() {
 local DEFAULT_SELINUX
 local CURRENT_SELINUX
 local SELINUX_ENFORCING=0
- # Check if a SELinux configuration file exists
- if [[ -f /etc/selinux/config ]]; then
- # If a SELinux configuration file was found, check the default SELinux mode.
+ # Check for SELinux configuration file and getenforce command
+ if [[ -f /etc/selinux/config ]] && command -v getenforce &> /dev/null; then
+ # Check the default SELinux mode
 DEFAULT_SELINUX=$(awk -F= '/^SELINUX=/ {print $2}' /etc/selinux/config)
 case "${DEFAULT_SELINUX,,}" in
 enforcing)
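Review bot: The combined condition on the new `if` line fails open without telling the user: when `/etc/selinux/config` exists but `getenforce` is not found, the whole SELinux check is skipped with no output. `command -v` only searches `PATH`, and `getenforce` is typically installed under `/usr/sbin`, so an environment whose `PATH` lacks that directory would look the same as SELinux being uninstalled even if the kernel is enforcing. Consider keeping the config-file test as the outer condition and printing a notice when the command is missing, or reading `/sys/fs/selinux/enforce` as a fallback where it exists. At minimum, record the assumption next to the test, e.g. `# getenforce missing => selinux-utils not installed, SELinux treated as inactive`. The body of checkSelinux continues outside the hunk, so how the rest of the block calls getenforce is not visible here.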