Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for a debian box not installed selinux-basics #217

Merged
merged 1 commit into from Jul 13, 2013

Conversation

@kui
Copy link
Contributor

@kui kui commented Jul 12, 2013

On a debian box not installed selinux-basics, serverspec does not work right with:

describe selinux do
  it { should be_disabled }
end

because getenforce and /etc/selinux/config does not exists.

On a debian box not installed `selinux-basics`, serverspec does not
work right with:

    describe selinux do
      it { should be_disabled }
    end

because `getenforce` and `/etc/selinux/config` does not exists.
@mizzy mizzy merged commit 9abb950 into mizzy:master Jul 13, 2013
1 check passed
@mizzy
Copy link
Owner

@mizzy mizzy commented Jul 13, 2013

Thnaks.I've simplified a little and merged and released it.

@kui
Copy link
Contributor Author

@kui kui commented Jul 14, 2013

umm... When I use be_enforcing or be_permissive, your modification cause a syntax error:

  1) SELinux
     Failure/Error: it { should be_enforcing }
       sudo (getenforce | grep -i -- enforcing && grep -i -- ^SELINUX=enforcing$ /etc/selinux/config)
       bash: -c: line 0: syntax error near unexpected token `getenforce'
bash: -c: line 0: `sudo (getenforce | grep -i -- enforcing && grep -i -- ^SELINUX=enforcing$ /etc/selinux/config)'
       expected enforcing? to return true, got false
     # ./spec/common/selinux_spec.rb:4:in `block (2 levels) in <top (required)>'

@mizzy
Copy link
Owner

@mizzy mizzy commented Jul 14, 2013

It seems that sudo causes the error.It works fine without sudo in my environment.I wil fix it.

@mizzy
Copy link
Owner

@mizzy mizzy commented Jul 14, 2013

I've confirmed that ( and ) with sudo causes the error.I will remove ( and ) when be_enforcing and be_permissive.

@mizzy
Copy link
Owner

@mizzy mizzy commented Jul 14, 2013

I've fixed with #218 and released as v0.6.30. Please check it.

@kui
Copy link
Contributor Author

@kui kui commented Jul 14, 2013

I've check it. But, it's not works right, because getenforce is located in /usr/sbin. So, It's required that PATH env variable includes /usr/sbin or that getenforce is executed with sudo (such as my pull req).

I've executed with be_disabled and a debian box installed selinux-basics:

  1) SELinux
     Failure/Error: it { should be_disabled }
       sudo test ! -f /etc/selinux/config || (getenforce | grep -i -- disabled && grep -i -- ^SELINUX=disabled$ /etc/selinux/config)
       bash: getenforce: command not found
       expected disabled? to return true, got false
     # ./spec/common/selinux_spec.rb:4:in `block (2 levels) in <top (required)>'

getenforce location and attributes on Debian 6:

$ sudo ls -l `sudo which getenforce`
-rwxr-xr-x 1 root root 5152 Jul 21  2010 /usr/sbin/getenforce

@mizzy
Copy link
Owner

@mizzy mizzy commented Jul 14, 2013

It's not the problem specific to this command.It's a general issue of the command that composed by several commands concatenated by && or ||.

I've heard this problem from @ftnk at July Tech Festa 2013 just today.

I will fix this issue by fixing Backend::Exec and Backend::Ssh.
(Or patches are welcome.)

mizzy added a commit that referenced this issue Jul 14, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
2 participants