specinfra 2.67.2 → 2.67.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/specinfra/command/linux/base/selinux.rb +20 -1
- data/lib/specinfra/version.rb +1 -1
- data/spec/command/linux/selinux_spec.rb +2 -2
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d9ac803e2d99d0e7f97bd4064754143b351ac141
|
|
4
|
+
data.tar.gz: bbb1454131eb7b1233fb48f78945b636af619d77
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e9e25cb1b6029f769f8b677d40fdaea2f4652f90325b3fe8eb0cd8a1fc56e5669680cc1d3cb1a98b1e00d90e13777cfeec57564210b141004ce46a471d765b93
|
|
7
|
+
data.tar.gz: a455781b6e538dc3100d14145e983ef3053d689af9d153e5f064b64ac16970392683e9cc38da9b522702fb5f3439d7b21878862868e7a6ab5b91377f00983dd9
|
|
@@ -1,12 +1,31 @@
|
|
|
1
1
|
class Specinfra::Command::Linux::Base::Selinux < Specinfra::Command::Base::Selinux
|
|
2
2
|
class << self
|
|
3
3
|
def check_has_mode(mode, policy = nil)
|
|
4
|
+
|
|
4
5
|
cmd = ""
|
|
5
|
-
|
|
6
|
+
|
|
7
|
+
# If disabled, then the absence of /etc/selinux/config is sufficient
|
|
8
|
+
cmd += "test ! -f /etc/selinux/config || " if mode == "disabled"
|
|
9
|
+
|
|
10
|
+
# If disabled, wrap the rest of the test in parentheses
|
|
11
|
+
# i.e. only test this stuff if /etc/selinux/config exists
|
|
12
|
+
cmd += "( ( " if mode == "disabled"
|
|
13
|
+
|
|
14
|
+
# Does getenforce return the same value as we are checking for?
|
|
6
15
|
cmd += "(getenforce | grep -i -- #{escape(mode)})"
|
|
16
|
+
|
|
17
|
+
# If disabled, then permissive is considered a pass
|
|
7
18
|
cmd += " || (getenforce | grep -i -- #{escape('permissive')}) )" if mode == "disabled"
|
|
19
|
+
|
|
20
|
+
# Ensure that /etc/selinux/config contains the mode we specify
|
|
8
21
|
cmd += %Q{ && grep -iE -- '^\\s*SELINUX=#{escape(mode)}\\>' /etc/selinux/config}
|
|
22
|
+
|
|
23
|
+
# If we have specified a policy, ensure that is included in /etc/selinux/config
|
|
9
24
|
cmd += %Q{ && grep -iE -- '^\\s*SELINUXTYPE=#{escape(policy)}\\>' /etc/selinux/config} if policy != nil
|
|
25
|
+
|
|
26
|
+
# End parenthesis for tests when /etc/selinux/config exists
|
|
27
|
+
cmd += ")" if mode == "disabled"
|
|
28
|
+
|
|
10
29
|
cmd
|
|
11
30
|
end
|
|
12
31
|
end
|
data/lib/specinfra/version.rb
CHANGED
|
@@ -5,10 +5,10 @@ set :os, :family => 'linux'
|
|
|
5
5
|
|
|
6
6
|
describe get_command(:check_selinux_has_mode, 'disabled') do
|
|
7
7
|
it do
|
|
8
|
-
should eq %Q{test ! -f /etc/selinux/config || ( (} +
|
|
8
|
+
should eq %Q{test ! -f /etc/selinux/config || ( ( (} +
|
|
9
9
|
%Q{getenforce | grep -i -- disabled) ||} +
|
|
10
10
|
%Q{ (getenforce | grep -i -- permissive) )} +
|
|
11
|
-
%Q{ && grep -iE -- '^\\s*SELINUX=disabled\\>' /etc/selinux/config}
|
|
11
|
+
%Q{ && grep -iE -- '^\\s*SELINUX=disabled\\>' /etc/selinux/config)}
|
|
12
12
|
end
|
|
13
13
|
end
|
|
14
14
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: specinfra
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.67.
|
|
4
|
+
version: 2.67.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Gosuke Miyashita
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-03-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: net-scp
|