diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,15 @@
 # Change Log
 
+## 2016-09-08 Release [v0.5.0](https://github.com/voxpupuli/puppet-selinux/tree/v0.5.0)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-selinux/compare/v0.4.1...v0.5.0)
+
+**Merged pull requests:**
+
+- Cleanups and dangling issues [\#117](https://github.com/voxpupuli/puppet-selinux/pull/117) ([maage](https://github.com/maage))
+- Fixing operatingsystem for Amazon Linux [\#111](https://github.com/voxpupuli/puppet-selinux/pull/111) ([bleiva](https://github.com/bleiva))
+
+
 ## 2016-09-02 Release [0.4.1](https://github.com/voxpupuli/puppet-selinux/tree/v0.4.1)
 [Full Changelog](https://github.com/voxpupuli/puppet-selinux/compare/v0.4.0...v0.4.1)
 

diff --git a/lib/facter/selinux_custom_policy.rb b/lib/facter/selinux_custom_policy.rb
@@ -7,6 +7,13 @@
 Facter.add(:selinux_custom_policy) do
   confine kernel: 'Linux', osfamily: 'RedHat', operatingsystemmajrelease: '7', selinux: ['true', true]
   setcode do
-    Facter::Util::Resolution.exec("sestatus | grep 'Loaded policy name' | awk '{ print \$4 }'")
+    policy = nil
+    output = Facter::Util::Resolution.exec('sestatus 2>/dev/null')
+    if output
+      output.each_line do |line|
+        break if line =~ %r{^Loaded policy name:\s*(?<policy>.*)$}
+      end
+    end
+    policy
   end
 end
diff --git a/manifests/config.pp b/manifests/config.pp
@@ -61,8 +61,8 @@
 
     exec { "change-selinux-status-to-${mode}":
       command => "setenforce ${sestatus}",
-      unless  => "getenforce | grep -qi \"${mode}\\|disabled\"",
-      path    => '/bin:/usr/bin:/usr/sbin',
+      unless  => "getenforce | grep -Eqi '${mode}|disabled'",
+      path    => '/bin:/sbin:/usr/bin:/usr/sbin',
     }
   }
 

diff --git a/manifests/fcontext.pp b/manifests/fcontext.pp
@@ -70,7 +70,7 @@
   $destination         = undef,
   $context             = undef,
   $filetype            = false,
-  $filemode            = undef,
+  $filemode            = 'a',
   $equals              = false,
   $restorecond         = true,
   $restorecond_path    = undef,
@@ -96,43 +96,41 @@
   validate_absolute_path($restorecond_path_private)
 
   $restorecond_resurse_private = $restorecond_recurse ? {
-    true  => '-R ',
-    false => ''
+    true  => ['-R'],
+    false => [],
   }
 
   if $equals and $filetype {
     fail('Resource cannot contain both "equals" and "filetype" options')
   }
 
-  if $filetype and $filemode !~ /(a|f|d|c|b|s|l|p)/ {
-    fail('file mode must be one of: a,f,d,c,b,s,l,p - see "man semanage-fcontext"')
-  }
-
   if $equals {
     $resource_name = "add_${destination}_${pathname}"
-    $command       = "semanage fcontext -a -e \"${destination}\" \"${pathname}\""
-    $unless        = "semanage fcontext -l | grep -E \"^${pathname} = ${destination}$\""
-  } elsif $filetype {
-    $resource_name = "add_${context}_${pathname}_type_${filemode}"
-    $command       = "semanage fcontext -a -f ${filemode} -t ${context} \"${pathname}\""
-    $unless        = "semanage fcontext -l | grep \"^${pathname}[[:space:]].*:${context}:\""
+    $command       = shellquote('semanage', 'fcontext','-a', '-e', $destination, $pathname)
+    $unless        = sprintf('semanage fcontext -l | grep -Fx %s', shellquote("${pathname} = ${destination}"))
   } else {
-    $resource_name = "add_${context}_${pathname}"
-    $command       = "semanage fcontext -a -t ${context} \"${pathname}\""
-    $unless        = "semanage fcontext -l | grep \"^${pathname}[[:space:]].*:${context}:\""
+    if $filemode !~ /^(?:a|f|d|c|b|s|l|p)$/ {
+      fail('"filemode" must be one of: a,f,d,c,b,s,l,p - see "man semanage-fcontext"')
+    }
+    $resource_name = "add_${context}_${pathname}_type_${filemode}"
+    $command       = shellquote('semanage', 'fcontext','-a', '-f', $filemode, '-t', $context, $pathname)
+    $unless        = sprintf('semanage fcontext -E | grep -Fx %s', shellquote("fcontext -a -f ${filemode} -t ${context} '${pathname}'"))
+  }
+
+  Exec {
+    path => '/bin:/sbin:/usr/bin:/usr/sbin',
   }
 
   exec { $resource_name:
     command => $command,
     unless  => $unless,
-    path    => '/bin:/sbin:/usr/bin:/usr/sbin',
     require => Class['selinux::package'],
   }
 
   if $restorecond {
     exec { "restorecond ${resource_name}":
-      path        => '/bin:/sbin:/usr/bin:/usr/sbin',
-      command     => "restorecon ${restorecond_resurse_private}${restorecond_path_private}",
+      command     => shellquote('restorecon', $restorecond_resurse_private, $restorecond_path_private),
+      onlyif      => shellquote('test', '-e', $restorecond_path_private),
       refreshonly => true,
       subscribe   => Exec[$resource_name],
     }

diff --git a/manifests/module.pp b/manifests/module.pp
@@ -71,10 +71,10 @@
   ~>
   exec { "${sx_mod_dir}/${prefix}${name}.pp":
   # Only allow refresh in the event that the initial .te file is updated.
-    path        => '/sbin:/usr/sbin:/bin:/usr/bin',
+    command     => shellquote('make', '-f', $makefile, "${prefix}${name}.pp"),
+    path        => '/bin:/sbin:/usr/bin:/usr/sbin',
     refreshonly => true,
     cwd         => $sx_mod_dir,
-    command     => "make -f ${makefile} ${prefix}${name}.pp",
   }
   ->
   selmodule { $name:

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -40,6 +40,17 @@
             }
           }
         }
+        'Amazon': {
+          $sx_fs_mount = '/selinux'
+          case $os_maj_release {
+            '4': {
+              $package_name = 'policycoreutils-python'
+            }
+            default: {
+              fail("${::operatingsystem}-${::os_maj_release} is not supported")
+            }
+          }
+        }
         default: {
           case $os_maj_release {
             '7': {

diff --git a/manifests/permissive.pp b/manifests/permissive.pp
@@ -33,8 +33,8 @@
   include ::selinux
 
   exec { "add_${context}":
-    command => "semanage permissive -a ${context}",
-    unless  => "semanage permissive -l|grep ${context}",
+    command => shellquote('semanage', 'permissive', '-a', $context),
+    unless  => sprintf('semanage permissive -l | grep -Fx %s', shellquote($context)),
     path    => '/bin:/sbin:/usr/bin:/usr/sbin',
     require => Class['selinux::package'],
   }

diff --git a/manifests/port.pp b/manifests/port.pp
@@ -45,16 +45,19 @@
 
   if $protocol {
     validate_re($protocol, ['^tcp6?$', '^udp6?$'])
-    $protocol_switch = "-p ${protocol} "
+    $protocol_switch = ['-p', $protocol]
+    $protocol_check = "${protocol} "
     $port_exec_command = "add_${context}_${port}_${protocol}"
   } else {
-    $protocol_switch = undef
+    $protocol_switch = []
+    $protocol_check = '' # lint:ignore:empty_string_assignment variable is used to create regexp and undef is not possible
     $port_exec_command = "add_${context}_${port}"
   }
 
   exec { $port_exec_command:
-    command => "semanage port -a -t ${context} ${protocol_switch}${port}",
-    unless  => "semanage port -l|grep \"^${context}.*${protocol}.*${port}\"|grep -w ${port}",
+    command => shellquote('semanage', 'port', '-a', '-t', $context, $protocol_switch, "${port}"), # lint:ignore:only_variable_string port can be number and we need to force it to be string for shellquote
+    # This works because there seems to be more than one space after protocol and before first port
+    unless  => sprintf('semanage port -l | grep -E %s', shellquote("^${context}  *${protocol_check}.* ${port}(\$|,)")),
     path    => '/bin:/sbin:/usr/bin:/usr/sbin',
     require => Class['selinux::package'],
   }

diff --git a/metadata.json b/metadata.json
@@ -1,34 +1,42 @@
 {
-"name": "puppet-selinux",
-"version": "0.4.1",
-"author": "Vox Pupuli",
-"summary": "This class manages SELinux on RHEL based systems",
-"license": "Apache-2.0",
-"source": "https://github.com/voxpupuli/puppet-selinux",
-"project_page": "https://github.com/voxpupuli/puppet-selinux",
-"issues_url": "https://github.com/voxpupuli/puppet-selinux/issues",
-"operatingsystem_support": [
-  {
-    "operatingsystem": "RedHat",
-    "operatingsystemrelease": [
-      "5",
-      "6",
-      "7"
-    ]
-  },
-  {
-    "operatingsystem": "Fedora",
-    "operatingsystemrelease": [
-      "19",
-      "20",
-      "21",
-      "22",
-      "23",
-      "24"
-    ]
-  }
-],
-"dependencies": [
+  "name": "puppet-selinux",
+  "version": "0.5.0",
+  "author": "Vox Pupuli",
+  "summary": "This class manages SELinux on RHEL based systems",
+  "license": "Apache-2.0",
+  "source": "https://github.com/voxpupuli/puppet-selinux",
+  "project_page": "https://github.com/voxpupuli/puppet-selinux",
+  "issues_url": "https://github.com/voxpupuli/puppet-selinux/issues",
+  "operatingsystem_support": [
+    {
+      "operatingsystem": "RedHat",
+      "operatingsystemrelease": [
+        "5",
+        "6",
+        "7"
+      ]
+    },
+    {
+      "operatingsystem": "Fedora",
+      "operatingsystemrelease": [
+        "19",
+        "20",
+        "21",
+        "22",
+        "23",
+        "24"
+      ]
+    },
+    {
+      "operatingsystem": "Amazon",
+      "operatingsystemrelease": [
+        "5.0",
+        "6.0",
+        "7.0"
+      ]
+    }
+  ],
+  "dependencies": [
     {
       "name": "puppetlabs/stdlib",
       "version_range": ">= 3.0.0"