path: root/lib/puppet/provider/selboolean/getsetsebool.rb
blob: cacc4138677979f53d7d031f344cb4fb56aec1eb (plain)
# Provider for the selboolean type, backed by the getsebool and setsebool
# command-line tools.
Puppet::Type.type(:selboolean).provide(:getsetsebool) do
  desc "Manage SELinux booleans using the getsebool and setsebool binaries."

  # Both tools are declared by absolute path rather than by bare name, so the
  # binaries this provider refers to are fixed in this file.
  commands :getsebool => "/usr/sbin/getsebool"
  commands :setsebool => "/usr/sbin/setsebool"

  # Reads the current state of the boolean named by @resource[:name].
  #
  # getsebool is called with the boolean name as its only argument and the
  # text it returns is inspected.
  #
  # @return [Symbol] :off or :on, according to the word that ends a line of
  #   the getsebool output
  # @raise [Puppet::Error] when the output ends in neither " off" nor " on"
  def value
    self.debug "Retrieving value of selboolean #{@resource[:name]}"

    status = getsebool(@resource[:name])

    # "$" anchors at a line end, so the trailing newline does not get in the way.
    return :off if status =~ / off$/
    return :on if status =~ / on$/

    # Any other reply is reported as an error instead of being mapped to a
    # state, so an unexpected answer is never mistaken for :on or :off.
    status.chomp!
    raise Puppet::Error, "Invalid response '#{status}' returned from getsebool"
  end

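  # Sets the boolean named by @resource[:name] to +new+ by running setsebool.
  #
  # The command is handed to execoutput as one string. Every word is
  # shell-escaped first, so the boolean name and the new value each reach
  # setsebool as exactly one argument whatever characters they contain.
  # NOTE(review): this assumes execpipe passes the string to a shell -- confirm
  # against the Puppet version in use.
  #
  # @param new [Symbol, String] the state to set
  # @return [Symbol] always :file_changed
  def value=(new)
    # Loaded here because this file has no require block of its own; a
    # repeated require is a no-op.
    require 'shellwords'

    argv = [command(:setsebool)]
    if @resource[:persistent] == :true
      self.debug "Enabling persistence"
      # -P is only added when requested, so no empty word ends up in the command.
      argv << "-P"
    end
    argv << @resource[:name] << new

    execoutput(Shellwords.join(argv))
    :file_changed
  end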

  # Required workaround, since SELinux policy prevents setsebool
  # from writing to any files, even tmp, preventing the standard
  # 'setsebool("...")' construct from working.

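  # Runs +cmd+ through execpipe and returns what it printed, minus one
  # trailing newline.
  #
  # @param cmd [String] the complete command line; it is passed to execpipe
  #   unchanged, so callers are responsible for quoting its arguments
  # @return [String] the captured output ("" when the command printed nothing)
  # @raise [Puppet::ExecutionFailure] when execpipe raises it; the message is
  #   the first line of the captured output, or the original message when
  #   nothing was captured
  def execoutput(cmd)
    output = ''
    begin
      execpipe(cmd) do |out|
        # chomp, not chomp!: the bang form returns nil when there is nothing
        # to strip, which left output nil for a command that prints nothing.
        output = out.read.to_s.chomp
      end
    rescue Puppet::ExecutionFailure => e
      # Keep the failure as an ExecutionFailure even when no output exists to
      # quote, instead of failing on a nil or empty message.
      raise Puppet::ExecutionFailure, (output.split("\n").first || e.message)
    end
    output
  end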
end