diff options
| author | Sean E. Millichamp <sean@bruenor.org> | 2008-10-13 16:48:40 -0400 |
|---|---|---|
| committer | James Turnbull <james@lovedthanlost.net> | 2008-10-17 08:17:46 +1100 |
| commit | dedf0cdce952e36bcdccfc88b1efc33d9f5eaddb (patch) | |
| tree | 537c0b4392ddf34c0dfc2495e47646ff0318b774 | |
| parent | 7f5ded185269cabeb7921c4f4739e1f66a34d54d (diff) | |
| download | puppet-dedf0cdce952e36bcdccfc88b1efc33d9f5eaddb.tar.gz puppet-dedf0cdce952e36bcdccfc88b1efc33d9f5eaddb.tar.xz puppet-dedf0cdce952e36bcdccfc88b1efc33d9f5eaddb.zip | |
Setting SELinux contexts with chcon should not dereference symbolic links
| -rw-r--r-- | lib/puppet/util/selinux.rb | 4 | ||||
| -rw-r--r-- | spec/unit/util/selinux.rb | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/lib/puppet/util/selinux.rb b/lib/puppet/util/selinux.rb index 8c1aecf3b..d91a6943a 100644 --- a/lib/puppet/util/selinux.rb +++ b/lib/puppet/util/selinux.rb @@ -106,8 +106,8 @@ module Puppet::Util::SELinux flag = "" end - Puppet.debug "Running chcon #{flag} #{value} #{file}" - retval = system("chcon #{flag} #{value} #{file}") + Puppet.debug "Running chcon -h #{flag} #{value} #{file}" + retval = system("chcon -h #{flag} #{value} #{file}") unless retval error = Puppet::Error.new("failed to chcon %s" % [@resource[:path]]) raise error diff --git a/spec/unit/util/selinux.rb b/spec/unit/util/selinux.rb index 1718404e8..2d54d0a46 100644 --- a/spec/unit/util/selinux.rb +++ b/spec/unit/util/selinux.rb @@ -117,31 +117,31 @@ describe Puppet::Util::SELinux do it "should use chcon to set a context" do self.expects(:selinux_support?).returns true - self.expects(:system).with("chcon user_u:role_r:type_t:s0 /foo").returns 0 + self.expects(:system).with("chcon -h user_u:role_r:type_t:s0 /foo").returns 0 set_selinux_context("/foo", "user_u:role_r:type_t:s0").should be_true end it "should use chcon to set user_u user context" do self.expects(:selinux_support?).returns true - self.expects(:system).with("chcon -u user_u /foo").returns 0 + self.expects(:system).with("chcon -h -u user_u /foo").returns 0 set_selinux_context("/foo", "user_u", :seluser).should be_true end it "should use chcon to set role_r role context" do self.expects(:selinux_support?).returns true - self.expects(:system).with("chcon -r role_r /foo").returns 0 + self.expects(:system).with("chcon -h -r role_r /foo").returns 0 set_selinux_context("/foo", "role_r", :selrole).should be_true end it "should use chcon to set type_t type context" do self.expects(:selinux_support?).returns true - self.expects(:system).with("chcon -t type_t /foo").returns 0 + self.expects(:system).with("chcon -h -t type_t /foo").returns 0 set_selinux_context("/foo", "type_t", :seltype).should be_true end it "should use chcon to set s0:c3,c5 range context" do self.expects(:selinux_support?).returns true - self.expects(:system).with("chcon -l s0:c3,c5 /foo").returns 0 + self.expects(:system).with("chcon -h -l s0:c3,c5 /foo").returns 0 set_selinux_context("/foo", "s0:c3,c5", :selrange).should be_true end end |