Change Details

People find themselves skipping steps of the installation guide's "preparing your system" section, only to discover services do not start and Kolab Groupware is dysfunctional. I propose a check be introduced that is executed as part of **setup-kolab**, that learns the system configuration and current run-time state, and errors out fatally if the configuration is inappropriate -- pointing out to some information on the subject.

People find themselves skipping steps of the installation guide's "preparing your system" section, only to discover services do not start and Kolab Groupware is dysfunctional. I propose a check be introduced that is executed as part of **setup-kolab**, that learns the system configuration and current run-time state, and errors out fatally if the configuration is inappropriate -- pointing out to some information on the subject. ## Implementation Design Considerations * `/sys/fs/selinux/enforce` does not exist: SELinux disabled (GOOD, however bad). * `/sys/fs/selinux/enforce` contains 1: SELinux enforces one or the other policy (it doesn't matter which) -> (BAD, however good) * `/sys/fs/selinux/enforce` contains 0: SELinux does not enforce any policy, but does audit policy violations (GOOD, however bad) This shall be the first or second item that executing **setup-kolab** checks for, however does not state in which capacity the system may come back up after reboot. The command `sestatus` could be used, with sample output: ``` SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 30 ``` `exec()` and line-by-line parsing should then be used. We would **NOT** amend the configuration to ensure the Kolab installation is successful and the system's security reduced without the user's explicit (and manual) intervention.

People find themselves skipping steps of the installation guide's "preparing your system" section, only to discover services do not start and Kolab Groupware is dysfunctional. I propose a check be introduced that is executed as part of **setup-kolab**, that learns the system configuration and current run-time state, and errors out fatally if the configuration is inappropriate -- pointing out to some information on the subject. ## Implementation Design Considerations * `/sys/fs/selinux/enforce` does not exist: SELinux disabled (GOOD, however bad). * `/sys/fs/selinux/enforce` contains 1: SELinux enforces one or the other policy (it doesn't matter which) -> (BAD, however good) * `/sys/fs/selinux/enforce` contains 0: SELinux does not enforce any policy, but does audit policy violations (GOOD, however bad) This shall be the first or second item that executing **setup-kolab** checks for, however does not state in which capacity the system may come back up after reboot. The command `sestatus` could be used, with sample output: ``` SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 30 ``` `exec()` and line-by-line parsing should then be used. We would **NOT** amend the configuration to ensure the Kolab installation is successful and the system's security reduced without the user's explicit (and manual) intervention.