HEX
Server: Apache/2.4.58 (Ubuntu)
System: Linux ns3133907 6.8.0-86-generic #87-Ubuntu SMP PREEMPT_DYNAMIC Mon Sep 22 18:03:36 UTC 2025 x86_64
User: cssnetorguk (1024)
PHP: 8.2.28
Disabled: NONE
Upload Files
File: //proc/thread-self/root/usr/libexec/kcare/python/kcarectl/selinux.py
# Copyright (c) Cloud Linux Software, Inc
# Licensed under CLOUD LINUX LICENSE AGREEMENT
# http://cloudlinux.com/docs/LICENCE.TXT

import os

from . import process_utils
from . import log_utils
from . import errors
from . import utils


def selinux_safe_tmpname(fname):
    head, tail = os.path.split(fname)
    return os.path.join(head, 'tmp.' + tail)


def restore_selinux_context(dname):
    if is_selinux_enabled():
        # Try to restore selinux context
        cmd = [process_utils.find_cmd('restorecon', ('/usr/sbin', '/sbin')), '-R', dname]
        code, _, stderr = process_utils.run_command(cmd, catch_stdout=True, catch_stderr=True)
        if code:
            log_utils.logerror(
                "SELinux context restoration for {0} failed with {1}: {2}".format(dname, code, stderr), print_msg=False
            )


def is_selinux_module_present(semodule_name):
    code, out, err = process_utils.run_command(['/usr/sbin/semodule', '-l'], catch_stdout=True)
    if code:
        raise errors.KcareError("SELinux modules list gathering error: '{0}' {1}".format(err, code))
    for line in out.split('\n'):
        if semodule_name in line:
            return True
    return False


def skip_if_no_selinux_module(clbl):
    def wrapper(*args, **kwargs):
        if is_selinux_enabled() and not is_selinux_module_present('libcare'):
            raise errors.KcareError('SELinux is enabled but libcare policy module is not loaded')
        return clbl(*args, **kwargs)

    return wrapper


@utils.cached
def is_selinux_enabled():
    if os.path.isfile('/usr/sbin/selinuxenabled'):
        code, _, _ = process_utils.run_command(['/usr/sbin/selinuxenabled'])
    else:
        return False
    return code == 0