|
|
@@ -553,7 +553,7 @@ sub installSchema {
|
|
|
push @schemafiles, glob("$inf->{General}->{prefix}@schemadir@/*");
|
|
|
} else {
|
|
|
push @schemafiles, "$inf->{General}->{prefix}@schemadir@/00core.ldif",
|
|
|
- "$inf->{General}->{prefix}@schemadir@/01core389.ldif";
|
|
|
+ "$inf->{General}->{prefix}@schemadir@/01core389.ldif";
|
|
|
}
|
|
|
|
|
|
# additional schema files
|
|
|
@@ -1010,7 +1010,19 @@ sub updateSelinuxPolicy {
|
|
|
}
|
|
|
|
|
|
if ($need_label == 1) {
|
|
|
- system("semanage port -a -t ldap_port_t -p tcp $inf->{slapd}->{ServerPort}");
|
|
|
+ my $semanage_err;
|
|
|
+ my $rc;
|
|
|
+ my $retry = 60;
|
|
|
+ while (($retry > 0) && ($semanage_err = `semanage port -a -t ldap_port_t -p tcp $inf->{slapd}->{ServerPort} 2>&1`) && ($rc = $?)) {
|
|
|
+ debug(1, "Adding port $inf->{slapd}->{ServerPort} to selinux policy failed - $semanage_err (return code: $rc).\n");
|
|
|
+ debug(1, "Retrying in 5 seconds\n");
|
|
|
+ sleep(5);
|
|
|
+ $retry--;
|
|
|
+ }
|
|
|
+ if (0 == $retry) {
|
|
|
+ debug(1, "Adding port $inf->{slapd}->{ServerPort} to selinux policy failed - $semanage_err (return code: $rc).\n");
|
|
|
+ debug(1, "Reached time limit.\n");
|
|
|
+ }
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
@@ -1378,24 +1390,46 @@ sub removeDSInstance {
|
|
|
if ("@with_selinux@") {
|
|
|
foreach my $port (@{$entry->{"nsslapd-port"}})
|
|
|
{
|
|
|
- my $semanage_err = `semanage port -d -t ldap_port_t -p tcp $port 2>&1`;
|
|
|
- if ($? != 0) {
|
|
|
- if (($semanage_err !~ /defined in policy, cannot be deleted/) && ($semanage_err !~ /is not defined/)) {
|
|
|
- push @errs, [ 'error_removing_port_label', $port, $semanage_err];
|
|
|
+ my $semanage_err;
|
|
|
+ my $rc;
|
|
|
+ my $retry = 60;
|
|
|
+ while (($retry > 0) && ($semanage_err = `semanage port -d -t ldap_port_t -p tcp $port 2>&1`) && ($rc = $?)) {
|
|
|
+ if (($semanage_err =~ /defined in policy, cannot be deleted/) || ($semanage_err =~ /is not defined/)) {
|
|
|
+ $retry = -1;
|
|
|
+ } else {
|
|
|
debug(1, "Warning: Port $port not removed from selinux policy correctly. Error: $semanage_err\n");
|
|
|
+ debug(1, "Retrying in 5 seconds\n");
|
|
|
+ sleep(5);
|
|
|
+ $retry--;
|
|
|
}
|
|
|
}
|
|
|
+ if (0 == $retry) {
|
|
|
+ push @errs, [ 'error_removing_port_label', $port, $semanage_err];
|
|
|
+ debug(1, "Warning: Port $port not removed from selinux policy correctly. Error: $semanage_err\n");
|
|
|
+ debug(1, "Reached time limit.\n");
|
|
|
+ }
|
|
|
}
|
|
|
|
|
|
foreach my $secureport (@{$entry->{"nsslapd-secureport"}})
|
|
|
{
|
|
|
- my $semanage_err = `semanage port -d -t ldap_port_t -p tcp $secureport 2>&1`;
|
|
|
- if ($? != 0) {
|
|
|
- if (($semanage_err !~ /defined in policy, cannot be deleted/) && ($semanage_err !~ /is not defined/)) {
|
|
|
- push @errs, [ 'error_removing_port_label', $secureport, $semanage_err];
|
|
|
+ my $semanage_err;
|
|
|
+ my $rc;
|
|
|
+ my $retry = 60;
|
|
|
+ while (($retry > 0) && ($semanage_err = `semanage port -d -t ldap_port_t -p tcp $secureport 2>&1`) && ($rc = $?)) {
|
|
|
+ if (($semanage_err =~ /defined in policy, cannot be deleted/) || ($semanage_err =~ /is not defined/)) {
|
|
|
+ $retry = -1;
|
|
|
+ } else {
|
|
|
debug(1, "Warning: Port $secureport not removed from selinux policy correctly. Error: $semanage_err\n");
|
|
|
+ debug(1, "Retrying in 5 seconds\n");
|
|
|
+ sleep(5);
|
|
|
+ $retry--;
|
|
|
}
|
|
|
}
|
|
|
+ if (0 == $retry) {
|
|
|
+ push @errs, [ 'error_removing_port_label', $secureport, $semanage_err];
|
|
|
+ debug(1, "Warning: Port $secureport not removed from selinux policy correctly. Error: $semanage_err\n");
|
|
|
+ debug(1, "Reached time limit.\n");
|
|
|
+ }
|
|
|
}
|
|
|
}
|
|
|
|
Noriko Hosoi