Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SELinux state setsebool is incorrect #5912

Closed
racooper opened this issue Jul 3, 2013 · 3 comments · Fixed by #5917
Closed

SELinux state setsebool is incorrect #5912

racooper opened this issue Jul 3, 2013 · 3 comments · Fixed by #5917
Labels
Bug broken, incorrect, or confusing behavior
Milestone
0.17.0

Comments

@racooper
Copy link

racooper commented Jul 3, 2013

In states/selinux.py, it appears that something is changing the state value to "None" instead of "True" or "On" as specified in the .sls file.

From salt-call debug I see

[DEBUG   ] Rendered data from file: /var/cache/salt/minion/files/base/webserver/selinux.sls:
httpd_can_network_connect:
  selinux.boolean:
    - value: true
    - persist: true
.
.
.
[INFO    ] Executing command 'setsebool -P httpd_can_network_connect None' in directory '/root'
.
.
.
local:
----------
    State: - selinux
    Name:      httpd_can_network_connect
    Function:  boolean
        Result:    True
        Comment:   Failed to set the boolean httpd_can_network_connect to None
        Changes:

I'm not really familiar with Python but I'm seeing this in the states\selinux.py file around line 125:

    if __opts__['test']:
        ret['result'] = None
        ret['comment'] = 'Boolean {0} is set to be changed to {1}'.format(
                name, value)
        return ret

So it appears that the value coming from selinux.sls in the state tree is being replaced by "None" in the state module. It's also possible that I'm reading that completely wrong and have an incorrect syntax in my state file, but I've tested various configurations with no change.
@terminalmage
Copy link
Contributor

No, that is not what is happening. That code is only executed when you use test=True on your state.highstate or state.sls. The problem here is that neither of the comparisons in the function _refine_value() within salt/states/selinux.py are evaluating to True, causing the function to return None.

Should be a pretty easy fix. Thanks for the report.

terminalmage added a commit to terminalmage/salt that referenced this issue Jul 3, 2013
@terminalmage
Fix salt.states.selinux._refine_value()
e98d141 
This function was not properly handling True/False values, causing the
state not to work when one of these values is used. This makes the
example in the docstring fail.

Also cleaned up/simplified _refine_mode.

Fixes saltstack#5912.
@terminalmage terminalmage mentioned this issue Jul 3, 2013
Merged
@terminalmage
Copy link
Contributor

@racooper Fixed in #5917. In the meantime, you can use on/off instead of true/false for the value parameter in your SLS.

@racooper
Copy link
Author

racooper commented Jul 3, 2013

I tried with on/off both before and after I posted this report and that didn't work either. The selinux.py from #5917 does work with both on and true values.

terminalmage added a commit that referenced this issue Jul 9, 2013
@terminalmage @basepi
Fix salt.states.selinux._refine_value()
89093ac 
This function was not properly handling True/False values, causing the
state not to work when one of these values is used. This makes the
example in the docstring fail.

Also cleaned up/simplified _refine_mode.

Fixes #5912.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug broken, incorrect, or confusing behavior
Projects
None yet
Milestone
0.17.0
Development

Successfully merging a pull request may close this issue.

Fix salt.states.selinux._refine_value() terminalmage/salt
2 participants
@terminalmage @racooper