Module: Chef::SELinux::CommonHelpers

Defined in:

lib/chef/resource/selinux/common_helpers.rb

Instance Method Summary

• #selinux_activate_required? ⇒ Boolean
• #selinux_disabled? ⇒ Boolean
• #selinux_enforcing? ⇒ Boolean
• #selinux_permissive? ⇒ Boolean
• #selinux_state ⇒ Object
• #state_change_reboot_required? ⇒ Boolean

Instance Method Details

#selinux_activate_required? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/chef/resource/selinux/common_helpers.rb', line 40

def selinux_activate_required?
  return false unless platform_family?("debian")

  !File.read("/etc/default/grub").match?("security=selinux")
end

#selinux_disabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/chef/resource/selinux/common_helpers.rb', line 17

def selinux_disabled?
  selinux_state.eql?(:disabled)
end

#selinux_enforcing? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/chef/resource/selinux/common_helpers.rb', line 21

def selinux_enforcing?
  selinux_state.eql?(:enforcing)
end

#selinux_permissive? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/chef/resource/selinux/common_helpers.rb', line 25

def selinux_permissive?
  selinux_state.eql?(:permissive)
end

#selinux_state ⇒ Object

# File 'lib/chef/resource/selinux/common_helpers.rb', line 33

def selinux_state
  state = shell_out!("getenforce").stdout.strip.downcase.to_sym
  raise "Got unknown SELinux state #{state}" unless %i{disabled enforcing permissive}.include?(state)

  state
end

#state_change_reboot_required? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/chef/resource/selinux/common_helpers.rb', line 29

def state_change_reboot_required?
  (selinux_disabled? && %i{enforcing permissive}.include?(action)) || ((selinux_enforcing? || selinux_permissive?) && action == :disabled)
end