Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch default behavior to not manage selinux #67

Merged
merged 5 commits into from
Nov 4, 2015
Merged

Switch default behavior to not manage selinux #67

merged 5 commits into from
Nov 4, 2015

Commits on Nov 4, 2015

  1. Rename config_mode spec test so it will get run 

    This renames the `spec/classes/selinux_config_mode.rb` file to the
proper `spec/classes/selinux_config_mode_spec.rb` because otherwise it
never gets run.
    Ryan Whitehurst committed Nov 4, 2015
    Configuration menu
    Copy the full SHA
    9c155bf View commit details
    Browse the repository at this point in the history

  2. Add tests for unmanaged mode 

    These test the behavior when setting `undef` for the `mode` parameter to
the base `selinux` class. The tested behavior is that the module does
not manage the selinux settings at all, leaving the current state the
same.

This is the desired behavior as described in voxpupuli#64, because otherwise
using one of the defined types to manage just a specific selinux rule,
but not manually declaring the `selinux` class and setting the mode
explicitly causes selinux to be disabled. It is confusing (and
undocumented) to use a defined type in a module called `selinux` to set
an selinux rule, and have that result in selinux getting disabled.
    Ryan Whitehurst committed Nov 4, 2015
    Configuration menu
    Copy the full SHA
    4ae52d8 View commit details
    Browse the repository at this point in the history

  3. Add tests for unmanaged type 

    These test the behavior when setting `undef` for the `type` parameter to
the base `selinux` class. The tested behavior is that the module does
not manage the selinux settings at all, leaving the current state the
same.

This is the desired behavior as described in voxpupuli#64, because otherwise
using one of the defined types to manage just a specific selinux rule,
but not manually declaring the `selinux` class causes selinux
configuration to potentially change.
    Ryan Whitehurst committed Nov 4, 2015
    Configuration menu
    Copy the full SHA
    491ec75 View commit details
    Browse the repository at this point in the history

  4. Switch default behavior to not manage selinux 

    This changes the default behavior for the module to not modify selinux
settings unless explicitly told to. This is the desired behavior as
described in voxpupuli#64, because otherwise using one of the defined types to
manage just a specific selinux rule, but not manually declaring the
`selinux` class and setting the mode explicitly causes selinux to be
disabled. It is confusing (and undocumented) to use a defined type in a
module called `selinux` to set an selinux rule, and have that result in
selinux getting disabled.

This changes the default behavior, but it will not change the
configuration of a node in the situation where the node had the class
applied already. However, it will change the behavior in the situation
where the `selinux` class was not included on a node, and then was
switched to being included on the node without any parameters
set (included the situation of a node newly added to Puppet).
    Ryan Whitehurst committed Nov 4, 2015
    Configuration menu
    Copy the full SHA
    20f7ec5 View commit details
    Browse the repository at this point in the history

  5. Update README to reflect default behavior 

    This updates the README with a few minor additions that weren't added,
as well as describing the default behavior.
    Ryan Whitehurst committed Nov 4, 2015
    Configuration menu
    Copy the full SHA
    b078ac4 View commit details
    Browse the repository at this point in the history