diff options
| author | Sean E. Millichamp <sean@bruenor.org> | 2008-10-08 11:39:10 -0400 |
|---|---|---|
| committer | James Turnbull <james@lovedthanlost.net> | 2008-10-09 11:40:06 +1100 |
| commit | a562ce5f7c6737280b92ee05b0609bd4b8088450 (patch) | |
| tree | aa900df25223c9b841f05bfff6ba9b9f4b0a2d4c /lib | |
| parent | 2b4aa0c442f40125526cf2a19c15af4908684388 (diff) | |
| download | puppet-a562ce5f7c6737280b92ee05b0609bd4b8088450.tar.gz puppet-a562ce5f7c6737280b92ee05b0609bd4b8088450.tar.xz puppet-a562ce5f7c6737280b92ee05b0609bd4b8088450.zip | |
Add unit test coverage for Puppet::Util::SELinux and fix problems found by tests
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/puppet/util/selinux.rb | 43 |
1 files changed, 30 insertions, 13 deletions
diff --git a/lib/puppet/util/selinux.rb b/lib/puppet/util/selinux.rb index e99ee30e2..8c1aecf3b 100644 --- a/lib/puppet/util/selinux.rb +++ b/lib/puppet/util/selinux.rb @@ -18,11 +18,22 @@ module Puppet::Util::SELinux unless selinux_support? return nil end - context = `stat -c %C #{file}` - if ($?.to_i >> 8) > 0 + context = "" + begin + execpipe("stat -c %C #{file}") do |out| + out.each do |line| + context << line + end + end + rescue Puppet::ExecutionFailure return nil end context.chomp! + # Handle the case that the system seems to have SELinux support but + # stat finds unlabled files. + if context == "(null)" + return nil + end return context end @@ -40,8 +51,14 @@ module Puppet::Util::SELinux unless FileTest.executable?("/usr/sbin/matchpathcon") return nil end - context = %x{/usr/sbin/matchpathcon #{file} 2>&1} - if ($?.to_i >> 8) > 0 + context = "" + begin + execpipe("/usr/sbin/matchpathcon #{file}") do |out| + out.each do |line| + context << line + end + end + rescue Puppet::ExecutionFailure return nil end # For a successful match, matchpathcon returns two fields separated by @@ -57,18 +74,15 @@ module Puppet::Util::SELinux if context.nil? or context == "unlabeled" return nil end - unless context =~ /^[a-z0-9_]+:[a-z0-9_]+:[a-z0-9_]+(:[a-z0-9_])?/ + unless context =~ /^([a-z0-9_]+):([a-z0-9_]+):([a-z0-9_]+)(?::([a-zA-Z0-9:,._-]+))?/ raise Puppet::Error, "Invalid context to parse: #{context}" end - bits = context.split(':') ret = { - :seluser => bits[0], - :selrole => bits[1], - :seltype => bits[2] + :seluser => $1, + :selrole => $2, + :seltype => $3, + :selrange => $4, } - if bits.length == 4 - ret[:selrange] = bits[3] - end return ret[component] end @@ -97,7 +111,9 @@ module Puppet::Util::SELinux unless retval error = Puppet::Error.new("failed to chcon %s" % [@resource[:path]]) raise error + return false end + return true end # Since this call relies on get_selinux_default_context it also needs a @@ -113,7 +129,8 @@ module Puppet::Util::SELinux cur_context = get_selinux_current_context(file) if new_context != cur_context set_selinux_context(file, new_context) + return new_context end - return new_context + return nil end end |