diff options
| -rw-r--r-- | lib/puppet/util/selinux.rb | 10 | ||||
| -rw-r--r-- | spec/unit/util/selinux.rb | 16 |
2 files changed, 10 insertions, 16 deletions
diff --git a/lib/puppet/util/selinux.rb b/lib/puppet/util/selinux.rb index d91a6943a..0a4af3ca1 100644 --- a/lib/puppet/util/selinux.rb +++ b/lib/puppet/util/selinux.rb @@ -20,7 +20,7 @@ module Puppet::Util::SELinux end context = "" begin - execpipe("stat -c %C #{file}") do |out| + execpipe("/usr/bin/stat -c %C #{file}") do |out| out.each do |line| context << line end @@ -106,13 +106,7 @@ module Puppet::Util::SELinux flag = "" end - Puppet.debug "Running chcon -h #{flag} #{value} #{file}" - retval = system("chcon -h #{flag} #{value} #{file}") - unless retval - error = Puppet::Error.new("failed to chcon %s" % [@resource[:path]]) - raise error - return false - end + execute(["/usr/bin/chcon","-h",flag,value,file]) return true end diff --git a/spec/unit/util/selinux.rb b/spec/unit/util/selinux.rb index 2d54d0a46..515c3a273 100644 --- a/spec/unit/util/selinux.rb +++ b/spec/unit/util/selinux.rb @@ -27,19 +27,19 @@ describe Puppet::Util::SELinux do it "should return a context" do self.expects(:selinux_support?).returns true - self.expects(:execpipe).with("stat -c %C /foo").yields ["user_u:role_r:type_t:s0\n"] + self.expects(:execpipe).with("/usr/bin/stat -c %C /foo").yields ["user_u:role_r:type_t:s0\n"] get_selinux_current_context("/foo").should == "user_u:role_r:type_t:s0" end it "should return nil if an exception is raised calling stat" do self.expects(:selinux_support?).returns true - self.expects(:execpipe).with("stat -c %C /foo").raises(Puppet::ExecutionFailure, 'error') + self.expects(:execpipe).with("/usr/bin/stat -c %C /foo").raises(Puppet::ExecutionFailure, 'error') get_selinux_current_context("/foo").should be_nil end it "should return nil if stat finds an unlabeled file" do self.expects(:selinux_support?).returns true - self.expects(:execpipe).with("stat -c %C /foo").yields ["(null)\n"] + self.expects(:execpipe).with("/usr/bin/stat -c %C /foo").yields ["(null)\n"] get_selinux_current_context("/foo").should be_nil end end @@ -117,31 +117,31 @@ describe Puppet::Util::SELinux do it "should use chcon to set a context" do self.expects(:selinux_support?).returns true - self.expects(:system).with("chcon -h user_u:role_r:type_t:s0 /foo").returns 0 + self.expects(:execute).with(["/usr/bin/chcon","-h","","user_u:role_r:type_t:s0","/foo"]).returns 0 set_selinux_context("/foo", "user_u:role_r:type_t:s0").should be_true end it "should use chcon to set user_u user context" do self.expects(:selinux_support?).returns true - self.expects(:system).with("chcon -h -u user_u /foo").returns 0 + self.expects(:execute).with(["/usr/bin/chcon","-h","-u","user_u","/foo"]).returns 0 set_selinux_context("/foo", "user_u", :seluser).should be_true end it "should use chcon to set role_r role context" do self.expects(:selinux_support?).returns true - self.expects(:system).with("chcon -h -r role_r /foo").returns 0 + self.expects(:execute).with(["/usr/bin/chcon","-h","-r","role_r","/foo"]).returns 0 set_selinux_context("/foo", "role_r", :selrole).should be_true end it "should use chcon to set type_t type context" do self.expects(:selinux_support?).returns true - self.expects(:system).with("chcon -h -t type_t /foo").returns 0 + self.expects(:execute).with(["/usr/bin/chcon","-h","-t","type_t","/foo"]).returns 0 set_selinux_context("/foo", "type_t", :seltype).should be_true end it "should use chcon to set s0:c3,c5 range context" do self.expects(:selinux_support?).returns true - self.expects(:system).with("chcon -h -l s0:c3,c5 /foo").returns 0 + self.expects(:execute).with(["/usr/bin/chcon","-h","-l","s0:c3,c5","/foo"]).returns 0 set_selinux_context("/foo", "s0:c3,c5", :selrange).should be_true end end |