Selinux enforcing support for RHEL/Centos #173

Merged
merged 1 commit into from Oct 21, 2017

3 participants
@AnMoeller
Contributor

AnMoeller commented Oct 19, 2017

Let's have an attribute for enforcing or permissive SELinux on RHEL/Centos.
Implementation as suggested in issue #106.

coveralls commented Oct 19, 2017

Coverage Status

Coverage remained the same at 100.0% when pulling bff2370 on AnMoeller:selinux-hardening into d7ea263 on dev-sec:master.

@artem-sidorenko

artem-sidorenko requested changes Oct 19, 2017 edited

@AnMoeller good work! :) I have only nitpicks.

We could also make spec tests here to verify/test the exceptions, but I do not think it's really required.

recipes/default.rb
group 'root'
variables selinux_mode: node['os-hardening']['security']['selinux_mode']
end
end

@artem-sidorenko

artem-sidorenko Oct 19, 2017

Member

Suggestion: add an else condition to raise an exception on unsupported systems, e.g.

case node['platform_family']
when 'rhel', 'fedora'
  ...
else
  raise "Selinux recipe is not supported on the platform family #{node['platform_family']}"
end
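
The guard suggested in the review comment above, written as plain Ruby so that the exceptions can be checked without a Chef run. This is an added example, not code from the pull request or the cookbook; `resolve_selinux_mode`, `error_for`, `sample_node`, the two error classes, the `'unmanaged'` value and the hash standing in for `node` are assumptions.

```ruby
# Added example, not the cookbook's code: the guard from the review suggestion,
# plus a fail-closed check on the mode attribute.
SUPPORTED_FAMILIES = %w[rhel fedora].freeze     # families named in the review comment
MANAGED_MODES = %w[enforcing permissive].freeze # values SELINUX= accepts (besides disabled)
UNMANAGED = 'unmanaged'                         # assumed name for "leave it as it is"

class UnsupportedPlatformError < StandardError; end
class InvalidSelinuxModeError < StandardError; end

# Returns the mode to write into the SELinux config, or nil when SELinux is to
# be left untouched. Anything else raises, so a typo never passes silently.
def resolve_selinux_mode(node)
  family = node['platform_family']
  mode = node.dig('os-hardening', 'security', 'selinux_mode')

  unless SUPPORTED_FAMILIES.include?(family)
    raise UnsupportedPlatformError,
          "Selinux recipe is not supported on the platform family #{family}"
  end
  return nil if mode == UNMANAGED
  return mode if MANAGED_MODES.include?(mode)

  allowed = (MANAGED_MODES + [UNMANAGED]).join(', ')
  raise InvalidSelinuxModeError, "selinux_mode must be one of #{allowed}, got #{mode.inspect}"
end

# Class of the exception raised for this node, or nil if none is raised.
def error_for(node)
  resolve_selinux_mode(node)
  nil
rescue UnsupportedPlatformError, InvalidSelinuxModeError => e
  e.class
end

# Constructed sample input: a plain hash standing in for Chef's node object.
def sample_node(family, mode)
  { 'platform_family' => family,
    'os-hardening' => { 'security' => { 'selinux_mode' => mode } } }
end

if __FILE__ == $PROGRAM_NAME
  [%w[rhel enforcing], %w[fedora unmanaged], %w[rhel enforce], %w[debian enforcing]].each do |family, mode|
    node = sample_node(family, mode)
    outcome = error_for(node) || resolve_selinux_mode(node).inspect
    puts "#{family}/#{mode}: #{outcome}"
  end
end
```
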
Selinux enforcing support for RHEL/Centos
Let's have an attribute that allows to set SELinux mode to enforce/
permissive or leave it as it is.
coveralls commented Oct 20, 2017

Coverage Status

Coverage remained the same at 100.0% when pulling 28b54ed on AnMoeller:selinux-hardening into 805471d on dev-sec:master.

Contributor

AnMoeller commented Oct 20, 2017

Many thanks for your hints and suggestions. They are implemented.

Member

artem-sidorenko commented Oct 20, 2017

@AnMoeller many thanks! Looks good to me

@atomic111 any remarks?

Member

artem-sidorenko commented Oct 20, 2017

@atomic111 there is some issue with DO image name (centos 7), I'll fix it in another PR today. Then we probably can rebase this PR

Member

artem-sidorenko commented Oct 21, 2017

It looks like the issue with centos DO image was already fixed in master, so I'm merging this.

@AnMoeller many thanks!

@artem-sidorenko artem-sidorenko merged commit cd88696 into dev-sec:master Oct 21, 2017

2 checks passed

continuous-integration/travis-ci/pr: The Travis CI build passed
coverage/coveralls: Coverage remained the same at 100.0%