People find themselves skipping steps of the installation guide's "preparing your system" section, only to discover services do not start and Kolab Groupware is dysfunctional.
I propose a check be introduced that is executed as part of setup-kolab, that learns the system configuration and current run-time state, and errors out fatally if the configuration is inappropriate -- pointing out to some information on the subject.
Implementation Design Considerations
- /sys/fs/selinux/enforce does not exist: SELinux disabled (GOOD, however bad).
- /sys/fs/selinux/enforce contains 1: SELinux enforces one or the other policy (it doesn't matter which) -> (BAD, however good)
- /sys/fs/selinux/enforce contains 0: SELinux does not enforce any policy, but does audit policy violations (GOOD, however bad)
This shall be the first or second item that executing setup-kolab checks for, however does not state in which capacity the system may come back up after reboot.
The command sestatus could be used, with sample output:
SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: enforcing Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 30
exec() and line-by-line parsing should then be used.
We would NOT amend the configuration to ensure the Kolab installation is successful and the system's security reduced without the user's explicit (and manual) intervention.