Fixed #1327 - Added SELinux facts

2 files changed, 47 insertions, 0 deletions

diff --git a/CHANGELOG b/CHANGELOG
index 1a0adf2..0f123f4 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -7,6 +7,8 @@
 
     Fixed #2132 - Support for named interfaces under Linux
 
+    Fixed #1327 - Added SELinux facts
+
     Fixed #2119 - Added support for non-global Solaris 10 zones
 
     Fixed #2080 - IPAddress resolutions should be reordered
diff --git a/lib/facter/selinux.rb b/lib/facter/selinux.rb
new file mode 100644
index 0000000..0e9637d
--- /dev/null
+++ b/lib/facter/selinux.rb
@@ -0,0 +1,45 @@
+# Fact for SElinux
+# Written by immerda admin team (admin(at)immerda.ch)
+
+Facter.add("selinux") do
+    confine :kernel => :linux
+
+    setcode do 
+        result = "false"
+        if FileTest.exists?("/selinux/enforce")
+            if FileTest.exists?("/proc/self/attr/current")
+                if (File.read("/proc/self/attr/current") != "kernel\0")
+                    result = "true"
+                end
+            end
+        end
+        result
+    end
+end
+
+Facter.add("selinux_enforced") do
+    confine :selinux => :true
+
+    setcode do
+        result = "false"
+        if FileTest.exists?("/selinux/enforce") and File.read("/selinux/enforce") =~ /1/i
+            result = "true"
+        end
+        result
+    end
+end
+
+Facter.add("selinux_policyversion") do
+    confine :selinux => :true
+    setcode do 
+        File.read("/selinux/policyvers")
+    end
+end
+
+Facter.add("selinux_mode") do
+    confine :selinux => :true
+    setcode do
+        %x{/usr/sbin/sestatus | /bin/grep "Policy from config file:" | awk '{print $5}'}        
+    end
+end
+