From 3fb3eae7b6062db447a8b7faf5f46910ed0ab67a Mon Sep 17 00:00:00 2001
From: Stephen Fromm <sfromm@gmail.com>
Date: Tue, 7 Aug 2012 22:57:44 -0700
Subject: [PATCH] Protect all selinux calls with try/except

---
 library/setup | 38 ++++++++++++++++++++++++++++----------
 1 file changed, 28 insertions(+), 10 deletions(-)

diff --git a/library/setup b/library/setup
index 8284a51aedf..f52f9cecad0 100755
--- a/library/setup
+++ b/library/setup
@@ -124,16 +124,34 @@ class Facts(object):
             self.facts['selinux']['status'] = 'disabled'
         else:
             self.facts['selinux']['status'] = 'enabled'
-            self.facts['selinux']['policyvers'] = selinux.security_policyvers()
-            (rc, configmode) = selinux.selinux_getenforcemode()
-            if rc == 0 and Facts.SELINUX_MODE_DICT.has_key(configmode):
-                self.facts['selinux']['config_mode'] = Facts.SELINUX_MODE_DICT[configmode]
-            mode = selinux.security_getenforce()
-            if Facts.SELINUX_MODE_DICT.has_key(mode):
-                self.facts['selinux']['mode'] = Facts.SELINUX_MODE_DICT[mode]
-            (rc, policytype) = selinux.selinux_getpolicytype()
-            if rc == 0:
-                self.facts['selinux']['type'] = policytype
+            try:
+                self.facts['selinux']['policyvers'] = selinux.security_policyvers()
+            except:
+                self.facts['selinux']['policyvers'] = 'unknown'
+            try:
+                (rc, configmode) = selinux.selinux_getenforcemode()
+                if rc == 0 and Facts.SELINUX_MODE_DICT.has_key(configmode):
+                    self.facts['selinux']['config_mode'] = Facts.SELINUX_MODE_DICT[configmode]
+                else:
+                    self.facts['selinux']['config_mode'] = 'unknown'
+            except OSError, e:
+                self.facts['selinux']['config_mode'] = 'unknown'
+            try:
+                mode = selinux.security_getenforce()
+                if Facts.SELINUX_MODE_DICT.has_key(mode):
+                    self.facts['selinux']['mode'] = Facts.SELINUX_MODE_DICT[mode]
+                else:
+                    self.facts['selinux']['mode'] = 'unknown'
+            except OSError, e:
+                self.facts['selinux']['mode'] = 'unknown'
+            try:
+                (rc, policytype) = selinux.selinux_getpolicytype()
+                if rc == 0:
+                    self.facts['selinux']['type'] = policytype
+                else:
+                    self.facts['selinux']['type'] = 'unknown'
+            except OSError, e:
+                self.facts['selinux']['type'] = 'unknown'
 
 class Hardware(Facts):
     """