diff options
| author | James Turnbull <james@lovedthanlost.net> | 2011-03-09 11:55:50 +1100 |
|---|---|---|
| committer | James Turnbull <james@lovedthanlost.net> | 2011-03-09 11:55:50 +1100 |
| commit | 95b69a3741a094df89ab200bda142f8c6ee8aa4e (patch) | |
| tree | e719c4d6ded73b66b2834cdd44ac816396d6c4ed | |
| parent | 469d2a26a467c50af9f9732d7f98e8a01ecc369f (diff) | |
| parent | 868e7ba51dd9511e3f23af65a51c0fc7392a76d2 (diff) | |
Merge branch 'tickets/master/5385' into next
| -rw-r--r-- | lib/facter/selinux.rb | 10 | ||||
| -rw-r--r-- | spec/unit/data/selinux_sestatus | 4 | ||||
| -rwxr-xr-x | spec/unit/selinux_spec.rb | 15 |
3 files changed, 23 insertions, 6 deletions
diff --git a/lib/facter/selinux.rb b/lib/facter/selinux.rb index 0e9637d..73e3239 100644 --- a/lib/facter/selinux.rb +++ b/lib/facter/selinux.rb @@ -4,7 +4,7 @@ Facter.add("selinux") do confine :kernel => :linux - setcode do + setcode do result = "false" if FileTest.exists?("/selinux/enforce") if FileTest.exists?("/proc/self/attr/current") @@ -31,7 +31,7 @@ end Facter.add("selinux_policyversion") do confine :selinux => :true - setcode do + setcode do File.read("/selinux/policyvers") end end @@ -39,7 +39,9 @@ end Facter.add("selinux_mode") do confine :selinux => :true setcode do - %x{/usr/sbin/sestatus | /bin/grep "Policy from config file:" | awk '{print $5}'} + result = 'unknown' + mode = Facter::Util::Resolution.exec('/usr/sbin/sestatus') + mode.each_line { |l| result = $1 if l =~ /^Current mode\:\s+(\w+)$/i } + result.chomp end end - diff --git a/spec/unit/data/selinux_sestatus b/spec/unit/data/selinux_sestatus new file mode 100644 index 0000000..b16777f --- /dev/null +++ b/spec/unit/data/selinux_sestatus @@ -0,0 +1,4 @@ +SELinux status: enabled +SELinuxfs mount: /selinux +Current Mode: permissive +Policy version: 16 diff --git a/spec/unit/selinux_spec.rb b/spec/unit/selinux_spec.rb index 43fd5bf..2af9583 100755 --- a/spec/unit/selinux_spec.rb +++ b/spec/unit/selinux_spec.rb @@ -31,11 +31,11 @@ describe "SELinux facts" do File.stubs(:read).with("/selinux/enforce").returns("0") FileTest.expects(:exists?).with("/selinux/enforce").returns true - File.expects(:read).with("/selinux/enforce").returns("1") + File.expects(:read).with("/selinux/enforce").returns("1") Facter.fact(:selinux_enforced).value.should == "true" end - + it "should return an SELinux policy version" do Facter.fact(:selinux).stubs(:value).returns("true") @@ -45,4 +45,15 @@ describe "SELinux facts" do Facter.fact(:selinux_policyversion).value.should == "1" end + + it "should return the SELinux policy mode" do + Facter.fact(:selinux).stubs(:value).returns("true") + + sample_output_file = File.dirname(__FILE__) + '/data/selinux_sestatus' + selinux_sestatus = File.read(sample_output_file) + + Facter::Util::Resolution.stubs(:exec).with('/usr/sbin/sestatus').returns(selinux_sestatus) + + Facter.fact(:selinux_mode).value.should == "permissive" + end end |