Class: Specinfra::Command::Linux::Base::Selinux

Inherits:
Base::Selinux show all
Defined in:
lib/specinfra/command/linux/base/selinux.rb

Class Method Summary collapse

Methods inherited from Base

create, escape

Class Method Details

.check_has_mode(mode, policy = nil) ⇒ Object



# File 'lib/specinfra/command/linux/base/selinux.rb', line 3

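# Builds the shell command that verifies the SELinux mode (and, optionally,
# the policy type) of the target host.
#
# The command compares the running mode reported by `getenforce` and the
# configured mode in /etc/selinux/config. When mode is "disabled", a missing
# config file passes outright and a running mode of "permissive" is accepted.
#
# The caller-supplied values become part of a `grep -E` pattern, so they are
# still read as regular-expression text; plain mode/policy names are expected.
#
# @param mode [String] expected mode, e.g. "enforcing", "permissive", "disabled"
# @param policy [String, nil] expected SELINUXTYPE value; not checked when nil
# @return [String] the assembled shell command
def check_has_mode(mode, policy = nil)
  # Single-quote a grep pattern for the shell. An embedded ' is written as
  # '\'' (close quote, escaped quote, reopen) so a value can never end the
  # quoted word early and have its remainder parsed as shell syntax.
  # The original interpolated escape(...) *inside* single quotes; escape
  # (inherited from Base) is presumably meant for bare words, as in the
  # getenforce checks below, and its backslashes do not protect a quote there.
  # Block form of gsub is required: in a replacement string \' is a backreference.
  single_quote = ->(text) { "'" + text.gsub("'") { "'\\''" } + "'" }

  disabled = mode == "disabled"
  mode_pattern = single_quote.call("^\\s*SELINUX=#{mode}\\>")

  parts = []

  # If disabled, the absence of /etc/selinux/config is sufficient; the rest
  # of the test is wrapped in parentheses and only runs when the file exists.
  parts << "test ! -f /etc/selinux/config || ( ( " if disabled

  # Does getenforce return the same value as we are checking for?
  parts << "(getenforce | grep -i -- #{escape(mode)})"

  # If disabled, then permissive is considered a pass
  parts << " || (getenforce | grep -i -- #{escape('permissive')}) )" if disabled

  # Ensure that /etc/selinux/config contains the mode we specify
  parts << " && grep -iE -- #{mode_pattern} /etc/selinux/config"

  # If we have specified a policy, ensure that is included in /etc/selinux/config
  unless policy.nil?
    policy_pattern = single_quote.call("^\\s*SELINUXTYPE=#{policy}\\>")
    parts << " && grep -iE -- #{policy_pattern} /etc/selinux/config"
  end

  # End parenthesis for tests when /etc/selinux/config exists
  parts << ")" if disabled

  parts.join
end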