New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for a debian box not installed selinux-basics #217

Merged
merged 1 commit into from Jul 13, 2013

Conversation

Projects
None yet
2 participants
@kui
Contributor

kui commented Jul 12, 2013

On a debian box not installed selinux-basics, serverspec does not work right with:

describe selinux do
  it { should be_disabled }
end

because getenforce and /etc/selinux/config does not exists.

Support for a debian box not installed selinux-basics
On a debian box not installed `selinux-basics`, serverspec does not
work right with:

    describe selinux do
      it { should be_disabled }
    end

because `getenforce` and `/etc/selinux/config` does not exists.

@mizzy mizzy merged commit 9abb950 into mizzy:master Jul 13, 2013

1 check passed

default The Travis CI build passed
Details
@mizzy

This comment has been minimized.

Show comment
Hide comment
@mizzy

mizzy Jul 13, 2013

Owner

Thnaks.I've simplified a little and merged and released it.

Owner

mizzy commented Jul 13, 2013

Thnaks.I've simplified a little and merged and released it.

@kui

This comment has been minimized.

Show comment
Hide comment
@kui

kui Jul 14, 2013

Contributor

umm... When I use be_enforcing or be_permissive, your modification cause a syntax error:

  1) SELinux
     Failure/Error: it { should be_enforcing }
       sudo (getenforce | grep -i -- enforcing && grep -i -- ^SELINUX=enforcing$ /etc/selinux/config)
       bash: -c: line 0: syntax error near unexpected token `getenforce'
bash: -c: line 0: `sudo (getenforce | grep -i -- enforcing && grep -i -- ^SELINUX=enforcing$ /etc/selinux/config)'
       expected enforcing? to return true, got false
     # ./spec/common/selinux_spec.rb:4:in `block (2 levels) in <top (required)>'
Contributor

kui commented Jul 14, 2013

umm... When I use be_enforcing or be_permissive, your modification cause a syntax error:

  1) SELinux
     Failure/Error: it { should be_enforcing }
       sudo (getenforce | grep -i -- enforcing && grep -i -- ^SELINUX=enforcing$ /etc/selinux/config)
       bash: -c: line 0: syntax error near unexpected token `getenforce'
bash: -c: line 0: `sudo (getenforce | grep -i -- enforcing && grep -i -- ^SELINUX=enforcing$ /etc/selinux/config)'
       expected enforcing? to return true, got false
     # ./spec/common/selinux_spec.rb:4:in `block (2 levels) in <top (required)>'
@mizzy

This comment has been minimized.

Show comment
Hide comment
@mizzy

mizzy Jul 14, 2013

Owner

It seems that sudo causes the error.It works fine without sudo in my environment.I wil fix it.

Owner

mizzy commented Jul 14, 2013

It seems that sudo causes the error.It works fine without sudo in my environment.I wil fix it.

@mizzy

This comment has been minimized.

Show comment
Hide comment
@mizzy

mizzy Jul 14, 2013

Owner

I've confirmed that ( and ) with sudo causes the error.I will remove ( and ) when be_enforcing and be_permissive.

Owner

mizzy commented Jul 14, 2013

I've confirmed that ( and ) with sudo causes the error.I will remove ( and ) when be_enforcing and be_permissive.

@mizzy

This comment has been minimized.

Show comment
Hide comment
@mizzy

mizzy Jul 14, 2013

Owner

I've fixed with #218 and released as v0.6.30. Please check it.

Owner

mizzy commented Jul 14, 2013

I've fixed with #218 and released as v0.6.30. Please check it.

@kui

This comment has been minimized.

Show comment
Hide comment
@kui

kui Jul 14, 2013

Contributor

I've check it. But, it's not works right, because getenforce is located in /usr/sbin. So, It's required that PATH env variable includes /usr/sbin or that getenforce is executed with sudo (such as my pull req).

I've executed with be_disabled and a debian box installed selinux-basics:

  1) SELinux
     Failure/Error: it { should be_disabled }
       sudo test ! -f /etc/selinux/config || (getenforce | grep -i -- disabled && grep -i -- ^SELINUX=disabled$ /etc/selinux/config)
       bash: getenforce: command not found
       expected disabled? to return true, got false
     # ./spec/common/selinux_spec.rb:4:in `block (2 levels) in <top (required)>'

getenforce location and attributes on Debian 6:

$ sudo ls -l `sudo which getenforce`
-rwxr-xr-x 1 root root 5152 Jul 21  2010 /usr/sbin/getenforce
Contributor

kui commented Jul 14, 2013

I've check it. But, it's not works right, because getenforce is located in /usr/sbin. So, It's required that PATH env variable includes /usr/sbin or that getenforce is executed with sudo (such as my pull req).

I've executed with be_disabled and a debian box installed selinux-basics:

  1) SELinux
     Failure/Error: it { should be_disabled }
       sudo test ! -f /etc/selinux/config || (getenforce | grep -i -- disabled && grep -i -- ^SELINUX=disabled$ /etc/selinux/config)
       bash: getenforce: command not found
       expected disabled? to return true, got false
     # ./spec/common/selinux_spec.rb:4:in `block (2 levels) in <top (required)>'

getenforce location and attributes on Debian 6:

$ sudo ls -l `sudo which getenforce`
-rwxr-xr-x 1 root root 5152 Jul 21  2010 /usr/sbin/getenforce
@mizzy

This comment has been minimized.

Show comment
Hide comment
@mizzy

mizzy Jul 14, 2013

Owner

It's not the problem specific to this command.It's a general issue of the command that composed by several commands concatenated by && or ||.

I've heard this problem from @ftnk at July Tech Festa 2013 just today.

I will fix this issue by fixing Backend::Exec and Backend::Ssh.
(Or patches are welcome.)

Owner

mizzy commented Jul 14, 2013

It's not the problem specific to this command.It's a general issue of the command that composed by several commands concatenated by && or ||.

I've heard this problem from @ftnk at July Tech Festa 2013 just today.

I will fix this issue by fixing Backend::Exec and Backend::Ssh.
(Or patches are welcome.)

mizzy added a commit that referenced this pull request Jul 14, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment