static function checkSELinux($fordebug = false)
{
global $CFG_GLPI;
if (DIRECTORY_SEPARATOR != '/' || !file_exists('/usr/sbin/getenforce')) {
// This is not a SELinux system
return 0;
}
$mode = exec("/usr/sbin/getenforce");
if (empty($mode)) {
$mode = "Unknown";
}
//TRANS: %s is mode name (Permissive, Enforcing of Disabled)
$msg = sprintf(__('SELinux mode is %s'), $mode);
if ($fordebug) {
echo "<img src='" . $CFG_GLPI['root_doc'] . "/pics/ok_min.png' alt=\"" . __s('OK') . "\">{$msg}\n";
} else {
echo "<tr class='tab_bg_1'><td class='left b'>{$msg}</td>";
// All modes should be ok
echo "<td><img src='" . $CFG_GLPI['root_doc'] . "/pics/ok_min.png' alt='{$mode}' title='{$msg}'></td></tr>";
}
if (!strcasecmp($mode, 'Disabled')) {
// Other test are not useful
return 0;
}
$err = 0;
// No need to check file context as checkWriteAccessToDirs will show issues
// Enforcing mode will block some feature (notif, ...)
// Permissive mode will write lot of stuff in audit.log
if (!file_exists('/usr/sbin/getenforce')) {
// should always be there
return 0;
}
$bools = array('httpd_can_network_connect', 'httpd_can_network_connect_db', 'httpd_can_sendmail');
$msg2 = __s('Some features may require this to be on');
foreach ($bools as $bool) {
$state = exec('/usr/sbin/getsebool ' . $bool);
if (empty($state)) {
$state = "{$bool} --> unkwown";
}
//TRANS: %s is an option name
$msg = sprintf(__('SELinux boolean configuration for %s'), $state);
if ($fordebug) {
if (substr($state, -2) == 'on') {
echo "<img src='" . $CFG_GLPI['root_doc'] . "/pics/ok_min.png' alt=\"" . __s('OK') . "\" title=\"" . __s('OK') . "\">{$msg}\n";
} else {
echo "<img src='" . $CFG_GLPI['root_doc'] . "/pics/warning_min.png' alt=\"" . $msg2 . "\" title=\"{$msg2}\">{$msg} ({$msg2})\n";
}
} else {
if (substr($state, -2) == 'on') {
echo "<tr class='tab_bg_1'><td class='left b'>{$msg}</td>";
echo "<td><img src='" . $CFG_GLPI['root_doc'] . "/pics/ok_min.png' alt='{$state}' title='{$state}'>" . "</td>";
} else {
echo "<tr class='tab_bg_1'><td class='left b'>{$msg} ({$msg2})</td>";
echo "<td><img src='" . $CFG_GLPI['root_doc'] . "/pics/warning_min.png' alt='{$msg2}' title='{$msg2}'>" . "</td>";
$err = 1;
}
echo "</tr>";
}
}
return $err;
}