On 8 March 2011 21:33, James Turnbull <ja...@lovedthanlost.net> wrote:
> 1. Added tested
> 2. Refactored to use F:U:R.exec
> 3. Chomp trailing newline

What happens if it gets output if no Current Mode line (think older, think you're missing test/handling for that. You've also changed the rule to use Current mode not Mode from config file, was this intentional? Have you tested on rhel4, rhel5, rhel6 and non-rhel selinux systems?

Paul

> Signed-off-by: James Turnbull <ja...@lovedthanlost.net> > --- > Local-branch: tickets/master/5485 > lib/facter/selinux.rb | 11 +++++++---- > spec/unit/data/selinux_sestatus | 4 ++++ > spec/unit/selinux_spec.rb | 15 +++++++++++++-- > 3 files changed, 24 insertions(+), 6 deletions(-) > create mode 100644 spec/unit/data/selinux_sestatus > > diff --git a/lib/facter/selinux.rb b/lib/facter/selinux.rb > index 0e9637d..ee663a0 100644 > --- a/lib/facter/selinux.rb > +++ b/lib/facter/selinux.rb > @@ -4,7 +4,7 @@ > Facter.add("selinux") do > confine :kernel => :linux > > - setcode do > + setcode do > result = "false" > if FileTest.exists?("/selinux/enforce") > if FileTest.exists?("/proc/self/attr/current") > @@ -31,7 +31,7 @@ end > > Facter.add("selinux_policyversion") do > confine :selinux => :true > - setcode do > + setcode do > File.read("/selinux/policyvers") > end > end > @@ -39,7 +39,10 @@ end > Facter.add("selinux_mode") do > confine :selinux => :true > setcode do > - %x{/usr/sbin/sestatus | /bin/grep "Policy from config file:" | awk > '{print $5}'} > + mode = Facter::Util::Resolution.exec('/usr/sbin/sestatus') > + mode.each_line do |l| > + mode = $1 if l =~ /^Current Mode:\s+(\w+)$/ > + end > + mode.chomp > end > end > - > diff --git a/spec/unit/data/selinux_sestatus b/spec/unit/data/selinux_sestatus > new file mode 100644 > index 0000000..b16777f > --- /dev/null > +++ b/spec/unit/data/selinux_sestatus > @@ -0,0 +1,4 @@ > +SELinux status: enabled > +SELinuxfs mount: /selinux > +Current Mode: permissive > +Policy version: 16 > diff --git a/spec/unit/selinux_spec.rb b/spec/unit/selinux_spec.rb > index 43fd5bf..2af9583 100755 > --- a/spec/unit/selinux_spec.rb
> +++ b/spec/unit/selinux_spec.rb > @@ -31,11 +31,11 @@ describe "SELinux facts" do > File.stubs(:read).with("/selinux/enforce").returns("0") > > FileTest.expects(:exists?).with("/selinux/enforce").returns true > - File.expects(:read).with("/selinux/enforce").returns("1") > + File.expects(:read).with("/selinux/enforce").returns("1") > > Facter.fact(:selinux_enforced).value.should == "true" > end > - > + > it "should return an SELinux policy version" do > Facter.fact(:selinux).stubs(:value).returns("true") > > @@ -45,4 +45,15 @@ describe "SELinux facts" do > > Facter.fact(:selinux_policyversion).value.should == "1" > end > + > + it "should return the SELinux policy mode" do > + Facter.fact(:selinux).stubs(:value).returns("true") > + > + sample_output_file = File.dirname(__FILE__) + '/data/selinux_sestatus' > + selinux_sestatus = File.read(sample_output_file) > + > + > Facter::Util::Resolution.stubs(:exec).with('/usr/sbin/sestatus').returns(selinux_sestatus) > + > + Facter.fact(:selinux_mode).value.should == "permissive" > + end > end > -- > 1.7.1 > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Developers" group. > To post to this group, send email to puppet-dev@googlegroups.com. > To unsubscribe from this group, send email to > puppet-dev+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-dev?hl=en.
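
Review bot: in the selinux_mode hunk of lib/facter/selinux.rb (@@ -39,7 +39,10), `mode` first holds the raw sestatus output and is only overwritten when a line matches `/^Current Mode:\s+(\w+)$/`, so when no line matches the fact resolves to the entire sestatus output, and if `Facter::Util::Resolution.exec` returns nil then `mode.each_line` raises. Keep the command output in its own variable, return nil when exec gives nothing or no line matches, and consider a case-insensitive match if the label's capitalisation differs between sestatus versions. The removed line read "Policy from config file:", so reporting the running mode instead is a behaviour change that the commit message should state.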
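
Review bot: the `- setcode do` / `+ setcode do` pairs in the @@ -4,7 and @@ -31,7 hunks of lib/facter/selinux.rb, and the `File.expects(:read)` and blank-line pairs in the @@ -31,11 hunk of spec/unit/selinux_spec.rb, are whitespace-only changes that inflate the diffstat and sit beside the one functional change. Move them into a separate whitespace cleanup commit so the selinux_mode change can be reviewed and reverted on its own.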
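
Review bot: the example added in the @@ -45,4 +45,15 hunk of spec/unit/selinux_spec.rb only exercises the four-line fixture spec/unit/data/selinux_sestatus, which always contains a `Current Mode:` line, so the no-match path in the resolver is untested. Add a second fixture without that line, plus examples that pin down what `Facter.fact(:selinux_mode).value` should be for that fixture and when the stubbed `exec` returns nil.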