Fix SELinux check item #136

Merged
merged 3 commits into from Jun 6, 2013

youyo commented Jun 6, 2013

  • Add a check of /etc/selinux/config

lib/serverspec/commands/linux.rb
@@ -19,7 +19,7 @@ def check_iptables_rule rule, table=nil, chain=nil
end
def check_selinux mode
- "getenforce | grep -i -- #{escape(mode)}"
+ "getenforce | grep -i -- #{escape(mode)} && cat /etc/selinux/config |grep -i -- #{escape(mode)}"
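Review bot: On the added line, the second grep searches every line of /etc/selinux/config, comments included, so a mode name that appears only in a comment satisfies the check even when the SELINUX= assignment says something else. Match the assignment itself, anchored at the start of the line and to the SELINUX= key, and pass the file to grep directly instead of piping it through cat. No spec file is touched in the visible diff, so the expected command string in the tests needs the same update.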

mizzy Jun 6, 2013

Owner

If /etc/selinux/config content is like below, grep -i -- enforcing will return 0.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

So grep -i -- SELINUX=#{escape(mode)} would be better.
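
The false positive described in the comment above, reproduced as an added shell example (not code from this pull request or from serverspec). The function names `loose_check`, `configured_mode` and `strict_check` are hypothetical, and the sample file is the config quoted above written to a temporary path.

```shell
#!/bin/sh
# Added example; function names and the temp file are constructed for illustration.

# Write the sample config quoted in the review comment to a temp file.
make_sample_config() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted
EOF
    printf '%s\n' "$f"
}

# Loose form from the first revision: any line mentioning the mode matches.
loose_check() {   # usage: loose_check MODE FILE
    grep -qi -- "$1" "$2"
}

# Anchored form: extract the value of the SELINUX= assignment only.
# Comment lines start with '#', and SELINUXTYPE= has 'T' where '=' is required,
# so neither matches. Several assignments yield several lines and no match later.
configured_mode() {   # usage: configured_mode FILE
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$1"
}

# Case-insensitive comparison of the wanted mode with the configured one.
strict_check() {   # usage: strict_check MODE FILE
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    have=$(configured_mode "$2" | tr '[:upper:]' '[:lower:]')
    [ -n "$have" ] && [ "$have" = "$want" ]
}

# Demo on the constructed sample: the file says disabled.
cfg=$(make_sample_config)
loose_check enforcing "$cfg" && echo "loose: enforcing accepted (false positive)"
strict_check enforcing "$cfg" || echo "strict: enforcing rejected"
strict_check disabled "$cfg" && echo "strict: disabled accepted"
rm -f "$cfg"
```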

mizzy Jun 6, 2013

Owner

Tests are failing. So please fix test code, too.

youyo Jun 6, 2013

grep -i -- SELINUX=#{escape(mode)} is better!
Should I send the pull request again?
I do not understand GitHub well...

mizzy Jun 6, 2013

Owner

All you have to do is fix the code and push it again.

You don't need to send a pull request again.

Thanks.

youyo Jun 6, 2013

I understand!
Thank you!

youyo Jun 6, 2013

That's right.
Fixed.

mizzy Jun 6, 2013

Owner

LGTM. Thanks!

mizzy added a commit that referenced this pull request Jun 6, 2013

@mizzy mizzy merged commit 910dcc8 into mizzy:master Jun 6, 2013

1 check passed

default The Travis CI build passed

mizzy Jun 6, 2013

Owner

Merged and released as v0.5.1. Thanks a lot!
