Toolbox::checkSELinux PHP Méthode

Toolbox Class Documentation Afficher le fichier Open project: glpi-project/glpi

checkSELinux() static public méthode

Check SELinux configuration

static public checkSELinux ( $fordebug = false ) : integer
$fordebug		Boolean true is displayed in system information @return integer 0: OK, 1:Warning, 2:Error
Résultat	integer

    static function checkSELinux($fordebug = false)
    {
        global $CFG_GLPI;
        if (DIRECTORY_SEPARATOR != '/' || !file_exists('/usr/sbin/getenforce')) {
            // This is not a SELinux system
            return 0;
        }
        $mode = exec("/usr/sbin/getenforce");
        if (empty($mode)) {
            $mode = "Unknown";
        }
        //TRANS: %s is mode name (Permissive, Enforcing of Disabled)
        $msg = sprintf(__('SELinux mode is %s'), $mode);
        if ($fordebug) {
            echo "<img src='" . $CFG_GLPI['root_doc'] . "/pics/ok_min.png' alt=\"" . __s('OK') . "\">{$msg}\n";
        } else {
            echo "<tr class='tab_bg_1'><td class='left b'>{$msg}</td>";
            // All modes should be ok
            echo "<td><img src='" . $CFG_GLPI['root_doc'] . "/pics/ok_min.png' alt='{$mode}' title='{$msg}'></td></tr>";
        }
        if (!strcasecmp($mode, 'Disabled')) {
            // Other test are not useful
            return 0;
        }
        $err = 0;
        // No need to check file context as checkWriteAccessToDirs will show issues
        // Enforcing mode will block some feature (notif, ...)
        // Permissive mode will write lot of stuff in audit.log
        if (!file_exists('/usr/sbin/getenforce')) {
            // should always be there
            return 0;
        }
        $bools = array('httpd_can_network_connect', 'httpd_can_network_connect_db', 'httpd_can_sendmail');
        $msg2 = __s('Some features may require this to be on');
        foreach ($bools as $bool) {
            $state = exec('/usr/sbin/getsebool ' . $bool);
            if (empty($state)) {
                $state = "{$bool} --> unkwown";
            }
            //TRANS: %s is an option name
            $msg = sprintf(__('SELinux boolean configuration for %s'), $state);
            if ($fordebug) {
                if (substr($state, -2) == 'on') {
                    echo "<img src='" . $CFG_GLPI['root_doc'] . "/pics/ok_min.png' alt=\"" . __s('OK') . "\" title=\"" . __s('OK') . "\">{$msg}\n";
                } else {
                    echo "<img src='" . $CFG_GLPI['root_doc'] . "/pics/warning_min.png' alt=\"" . $msg2 . "\" title=\"{$msg2}\">{$msg} ({$msg2})\n";
                }
            } else {
                if (substr($state, -2) == 'on') {
                    echo "<tr class='tab_bg_1'><td class='left b'>{$msg}</td>";
                    echo "<td><img src='" . $CFG_GLPI['root_doc'] . "/pics/ok_min.png' alt='{$state}' title='{$state}'>" . "</td>";
                } else {
                    echo "<tr class='tab_bg_1'><td class='left b'>{$msg} ({$msg2})</td>";
                    echo "<td><img src='" . $CFG_GLPI['root_doc'] . "/pics/warning_min.png' alt='{$msg2}' title='{$msg2}'>" . "</td>";
                    $err = 1;
                }
                echo "</tr>";
            }
        }
        return $err;
    }

Toolbox

addslashes_deep

append_params

backtrace

canUseImapPop

canUseLdap

checkMemoryLimit

checkNewVersionAvailable

checkSELinux

checkValidReferer

cleanDecimal

cleanInteger