Merge pull request #1028 from pi-hole/bcambl-selinux_notification

Bcambl selinux notification

automated install/basic-install.sh

@@ -897,7 +897,6 @@ installPihole() {
   installScripts
   installConfigs
   CreateLogFile
-  configureSelinux
   installPiholeWeb
   installCron
   configureFirewall
@@ -928,7 +927,6 @@ updatePihole() {
   installScripts
   installConfigs
   CreateLogFile
-  configureSelinux
   installPiholeWeb
   installCron
   configureFirewall
@@ -936,23 +934,25 @@ updatePihole() {
   runGravity
 }
 
-configureSelinux() {
+
+
+checkSelinux() {
   if [ -x "$(command -v getenforce)" ]; then
-    printf "\n::: SELinux Detected\n"
-    printf ":::\tChecking for SELinux policy development packages..."
-    package_check_install "selinux-policy-devel" > /dev/null
-    echo " installed!"
-    printf ":::\tEnabling httpd server side includes (SSI).. "
-    setsebool -P httpd_ssi_exec on &> /dev/null && echo "Success" || echo "SELinux not enabled"
-    printf "\n:::\tCompiling Pi-Hole SELinux policy..\n"
-    if ! [ -x "$(command -v systemctl)" ]; then
-      sed -i.bak '/systemd/d' /etc/.pihole/advanced/selinux/pihole.te
+    echo ":::"
+    echo -n "::: SELinux Support Detected... Mode: "
+    enforceMode=$(getenforce)
+    echo "${enforceMode}"
+    if [[ "${enforceMode}" == "Enforcing" ]]; then
+      if (whiptail --title "SELinux Enforcing Detected" --yesno "SELinux is being Enforced on your system!\n\nPi-hole currently does not support SELinux, but you may still continue with the installation.\n\nNote: Admin UI Will not function fully without setting your policies correctly\n\nContinue installing Pi-hole?" ${r} ${c}); then
+          echo ":::"
+          echo "::: Continuing installation with SELinux Enforcing."
+          echo "::: Please refer to official SELinux documentation to create a custom policy."
+      else
+          echo ":::"
+          echo "::: Not continuing install after SELinux Enforcing detected."
+          exit 1
+      fi
     fi
-    checkmodule -M -m -o /etc/pihole/pihole.mod /etc/.pihole/advanced/selinux/pihole.te
-    semodule_package -o /etc/pihole/pihole.pp -m /etc/pihole/pihole.mod
-    semodule -i /etc/pihole/pihole.pp
-    rm -f /etc/pihole/pihole.mod
-    semodule -l | grep pihole &> /dev/null && echo "::: Installed Pi-Hole SELinux policy" || echo "::: Warning: Pi-Hole SELinux policy did not install."
   fi
 }
 
@@ -1018,7 +1018,8 @@ update_dialogs() {
 }
 
 main() {
-# Check arguments for the undocumented flags
+
+  # Check arguments for the undocumented flags
   for var in "$@"; do
     case "$var" in
       "--reconfigure"  ) reconfigure=true;;
@@ -1053,6 +1054,9 @@ main() {
   # Install packages used by this installation script
   install_dependent_packages INSTALLER_DEPS[@]
 
+   # Check if SELinux is Enforcing
+  checkSelinux
+
   if [[ "${reconfigure}" == true ]]; then
     echo "::: --reconfigure passed to install script. Not downloading/updating local repos"
   else