(#15049) Return only one selinuxfs path as string from mounts

The block that parses /proc/self/mountinfo to find a selinuxfs filesystem would
return results as an array.  On Ruby 1.8, interpolating this into a string for
File.exists? when one result was returned worked, while on Ruby 1.9 it
interpolated as ["/sys/fs/selinux"]/enforce so later failed.

This changes the block to return the single result string rather than an array.

This also fixes #11531 where multiple selinuxfs filesystems could be mounted,
as it returns only the first mountpoint.

The /proc file was changed from /proc/self/mountinfo to /proc/self/mounts for
compatibility with Linux 2.6.25 and older.

Author: Dominic Cleal

lib/facter/selinux.rb

@@ -15,15 +15,16 @@
 # This supports the fact that the selinux mount point is not always in the
 # same location -- the selinux mount point is operating system specific.
 def selinux_mount_point
-  if FileTest.exists?('/proc/self/mountinfo')
-    File.open('/proc/self/mountinfo') do |f|
+  path = "/selinux"
+  if FileTest.exists?('/proc/self/mounts')
+    File.open('/proc/self/mounts') do |f|
       f.grep(/selinuxfs/) do |line|
-        line.split[4]
+        path = line.split[1]
+        break
       end
     end
-  else
-    "/selinux"
   end
+  path
 end
 
 Facter.add("selinux") do

spec/unit/selinux_spec.rb

@@ -9,17 +9,58 @@
     Facter.clear
   end
 
-  it "should return true if SELinux enabled" do
-    Facter.fact(:kernel).stubs(:value).returns("Linux")
+  describe "should detect if SELinux is enabled" do
+    it "and return true with default /selinux" do
+      Facter.fact(:kernel).stubs(:value).returns("Linux")
 
-    FileTest.stubs(:exists?).returns false
-    File.stubs(:read).with("/proc/self/attr/current").returns("notkernel")
+      FileTest.stubs(:exists?).returns false
+      File.stubs(:read).with("/proc/self/attr/current").returns("notkernel")
 
-    FileTest.expects(:exists?).with("/selinux/enforce").returns true
-    FileTest.expects(:exists?).with("/proc/self/attr/current").returns true
-    File.expects(:read).with("/proc/self/attr/current").returns("kernel")
+      FileTest.expects(:exists?).with("/selinux/enforce").returns true
+      FileTest.expects(:exists?).with("/proc/self/attr/current").returns true
+      File.expects(:read).with("/proc/self/attr/current").returns("kernel")
+
+      Facter.fact(:selinux).value.should == "true"
+    end
+
+    it "and return true with selinuxfs path from /proc" do
+      Facter.fact(:kernel).stubs(:value).returns("Linux")
+
+      mounts = mock()
+      lines = [ "selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0" ]
+      mounts.expects(:grep).multiple_yields(*lines)
+
+      FileTest.expects(:exists?).with("/proc/self/mounts").returns true
+      File.expects(:open).with("/proc/self/mounts").yields(mounts)
+
+      FileTest.expects(:exists?).with("/sys/fs/selinux/enforce").returns true
+
+      FileTest.expects(:exists?).with("/proc/self/attr/current").returns true
+      File.expects(:read).with("/proc/self/attr/current").returns("kernel")
+
+      Facter.fact(:selinux).value.should == "true"
+    end
+
+    it "and return true with multiple selinuxfs mounts from /proc" do
+      Facter.fact(:kernel).stubs(:value).returns("Linux")
+
+      mounts = mock()
+      lines = [
+        "selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0",
+        "selinuxfs /var/tmp/imgcreate-R2wmE6/install_root/sys/fs/selinux selinuxfs rw,relatime 0 0",
+      ]
+      mounts.expects(:grep).multiple_yields(*lines)
+
+      FileTest.expects(:exists?).with("/proc/self/mounts").returns true
+      File.expects(:open).with("/proc/self/mounts").yields(mounts)
+
+      FileTest.expects(:exists?).with("/sys/fs/selinux/enforce").returns true
+
+      FileTest.expects(:exists?).with("/proc/self/attr/current").returns true
+      File.expects(:read).with("/proc/self/attr/current").returns("kernel")
 
-    Facter.fact(:selinux).value.should == "true"
+      Facter.fact(:selinux).value.should == "true"
+    end
   end
 
   it "should return true if SELinux policy enabled" do
@@ -36,7 +77,7 @@
 
   it "should return an SELinux policy version" do
     Facter.fact(:selinux).stubs(:value).returns("true")
-    FileTest.stubs(:exists?).with("/proc/self/mountinfo").returns false
+    FileTest.stubs(:exists?).with("/proc/self/mounts").returns false
 
     File.stubs(:read).with("/selinux/policyvers").returns("")