1 files changed, 37 insertions, 4 deletions

diff --git a/lib/facter/selinux.rb b/lib/facter/selinux.rb
index 0e9637d..9fab427 100644
--- a/lib/facter/selinux.rb
+++ b/lib/facter/selinux.rb
@@ -4,7 +4,7 @@
 Facter.add("selinux") do
     confine :kernel => :linux
 
-    setcode do 
+    setcode do
         result = "false"
         if FileTest.exists?("/selinux/enforce")
             if FileTest.exists?("/proc/self/attr/current")
@@ -31,15 +31,48 @@ end
 
 Facter.add("selinux_policyversion") do
     confine :selinux => :true
-    setcode do 
+    setcode do
         File.read("/selinux/policyvers")
     end
 end
 
-Facter.add("selinux_mode") do
+Facter.add("selinux_current_mode") do
+    confine :selinux => :true
+    setcode do
+	result = 'unknown'
+        mode = Facter::Util::Resolution.exec('/usr/sbin/sestatus')
+        mode.each_line { |l| result = $1 if l =~ /^Current mode\:\s+(\w+)$/i }
+        result.chomp
+    end
+end
+
+Facter.add("selinux_config_mode") do
     confine :selinux => :true
     setcode do
-        %x{/usr/sbin/sestatus | /bin/grep "Policy from config file:" | awk '{print $5}'}        
+        result = 'unknown'
+        mode = Facter::Util::Resolution.exec('/usr/sbin/sestatus')
+        mode.each_line { |l| result = $1 if l =~ /^Mode from config file\:\s+(\w+)$/i }
+        result.chomp
     end
 end
 
+Facter.add("selinux_config_policy") do
+    confine :selinux => :true
+    setcode do
+        result = 'unknown'
+        mode = Facter::Util::Resolution.exec('/usr/sbin/sestatus')
+        mode.each_line { |l| result = $1 if l =~ /^Policy from config file\:\s+(\w+)$/i }
+        result.chomp
+    end
+end
+
+# This is a legacy fact which returns the old selinux_mode fact value to prevent 
+# breakages of existing manifests. It should be removed at the next major release.
+# See ticket #6677.
+
+Facter.add("selinux_mode") do
+    confine :selinux => :true
+    setcode do
+        Facter.value(:selinux_config_policy)
+    end
+end