On 8 March 2011 21:33, James Turnbull <ja...@lovedthanlost.net> wrote:
> 1. Added tested
> 2. Refactored to use F:U:R.exec
> 3. Chomp trailing newline
What happens if it gets output if no Current Mode line (think older,
think you're missing test/handling for that.
You've also changed the rule to use Current mode not Mode from config
file, was this intentiional have you tested on rhel4, rhel5, rhel6 and
non-rhel selinux systems?
Paul
> Signed-off-by: James Turnbull <ja...@lovedthanlost.net>
> ---
> Local-branch: tickets/master/5485
> lib/facter/selinux.rb | 11 +++++++----
> spec/unit/data/selinux_sestatus | 4 ++++
> spec/unit/selinux_spec.rb | 15 +++++++++++++--
> 3 files changed, 24 insertions(+), 6 deletions(-)
> create mode 100644 spec/unit/data/selinux_sestatus
>
> diff --git a/lib/facter/selinux.rb b/lib/facter/selinux.rb
> index 0e9637d..ee663a0 100644
> --- a/lib/facter/selinux.rb
> +++ b/lib/facter/selinux.rb
> @@ -4,7 +4,7 @@
> Facter.add("selinux") do
> confine :kernel => :linux
>
> - setcode do
> + setcode do
> result = "false"
> if FileTest.exists?("/selinux/enforce")
> if FileTest.exists?("/proc/self/attr/current")
> @@ -31,7 +31,7 @@ end
>
> Facter.add("selinux_policyversion") do
> confine :selinux => :true
> - setcode do
> + setcode do
> File.read("/selinux/policyvers")
> end
> end
> @@ -39,7 +39,10 @@ end
> Facter.add("selinux_mode") do
> confine :selinux => :true
> setcode do
> - %x{/usr/sbin/sestatus | /bin/grep "Policy from config file:" | awk
> '{print $5}'}
> + mode = Facter::Util::Resolution.exec('/usr/sbin/sestatus')
> + mode.each_line do |l|
> + mode = $1 if l =~ /^Current Mode:\s+(\w+)$/
> + end
> + mode.chomp
> end
> end
> -
> diff --git a/spec/unit/data/selinux_sestatus b/spec/unit/data/selinux_sestatus
> new file mode 100644
> index 0000000..b16777f
> --- /dev/null
> +++ b/spec/unit/data/selinux_sestatus
> @@ -0,0 +1,4 @@
> +SELinux status: enabled
> +SELinuxfs mount: /selinux
> +Current Mode: permissive
> +Policy version: 16
> diff --git a/spec/unit/selinux_spec.rb b/spec/unit/selinux_spec.rb
> index 43fd5bf..2af9583 100755
> --- a/spec/unit/selinux_spec.rb
> +++ b/spec/unit/selinux_spec.rb
> @@ -31,11 +31,11 @@ describe "SELinux facts" do
> File.stubs(:read).with("/selinux/enforce").returns("0")
>
> FileTest.expects(:exists?).with("/selinux/enforce").returns true
> - File.expects(:read).with("/selinux/enforce").returns("1")
> + File.expects(:read).with("/selinux/enforce").returns("1")
>
> Facter.fact(:selinux_enforced).value.should == "true"
> end
> -
> +
> it "should return an SELinux policy version" do
> Facter.fact(:selinux).stubs(:value).returns("true")
>
> @@ -45,4 +45,15 @@ describe "SELinux facts" do
>
> Facter.fact(:selinux_policyversion).value.should == "1"
> end
> +
> + it "should return the SELinux policy mode" do
> + Facter.fact(:selinux).stubs(:value).returns("true")
> +
> + sample_output_file = File.dirname(__FILE__) + '/data/selinux_sestatus'
> + selinux_sestatus = File.read(sample_output_file)
> +
> +
> Facter::Util::Resolution.stubs(:exec).with('/usr/sbin/sestatus').returns(selinux_sestatus)
> +
> + Facter.fact(:selinux_mode).value.should == "permissive"
> + end
> end
> --
> 1.7.1
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Developers" group.
> To post to this group, send email to puppet-dev@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-dev+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-dev?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Developers" group.
To post to this group, send email to puppet-dev@googlegroups.com.
To unsubscribe from this group, send email to
puppet-dev+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-dev?hl=en.
