Merge pull request #145 from yast/selinux_proposal-update

Update the SELinux proposal

package/yast2-firewall.spec

@@ -29,7 +29,7 @@ Source0:        %{name}-%{version}.tar.bz2
 BuildRequires:  update-desktop-files
 BuildRequires:  yast2-devtools >= 4.2.2
 # for proposing selinux
-BuildRequires:  yast2-security >= 4.2.15
+BuildRequires:  yast2-security >= 4.2.16
 # Removed zone name from common attributes definition
 BuildRequires:  yast2 >= 4.1.67
 BuildRequires:  rubygem(%rb_default_ruby_abi:yast-rake)

src/lib/y2firewall/clients/proposal.rb

@@ -225,7 +225,7 @@ def selinux_proposal
         return nil unless @settings.selinux_config.configurable?
 
         _(
-          "Selinux Default Policy is %s"
+          "Selinux Default Mode is %s"
         ) % @settings.selinux_config.mode.to_human_string
       end
     end

src/lib/y2firewall/dialogs/proposal.rb

@@ -41,9 +41,10 @@ def title
       end
 
       def contents
-        res = VBox(firewall_ssh_content)
-        res.params << selinux_content if selinux_configurable?
-        res
+        content = [firewall_ssh_content]
+        content << selinux_content if selinux_configurable?
+
+        VBox(*content)
       end
 
       def abort_button
@@ -91,7 +92,7 @@ def selinux_content
             0.5,
             0.5,
             VBox(
-              Widgets::SelinuxPolicy.new(@settings)
+              Widgets::SelinuxMode.new(@settings)
             )
           )
         )

src/lib/y2firewall/proposal_settings.rb

@@ -22,7 +22,7 @@
 require "yast"
 
 Yast.import "UsersSimple"
-require "y2security/selinux_config"
+require "y2security/selinux"
 
 module Y2Firewall
   # Class that stores the proposal settings for firewalld during installation.
@@ -40,7 +40,6 @@ class ProposalSettings
     attr_accessor :open_vnc
     # [String] Name of the default zone where perform the changes
     attr_accessor :default_zone
-    attr_accessor :selinux_config
 
     # Constructor
     def initialize
@@ -124,10 +123,14 @@ def close_vnc!
       self.open_vnc = false
     end
 
-    # @return [Y2Security::SelinuxConfig] selinux configuration. Only temporary for SLE15 SP2,
-    # for newer code streams it lives in security_setttings in yast2-installation.
+    # Returns a SELinux configuration handler
+    #
+    # @note this is here only for SLE-15-SP2 and derivated products. Newer code
+    #   streams will have it in the yast2-installation -> security settings
+    #
+    # @return [Y2Security::Selinux] the SELinux config handler
     def selinux_config
-      @selinux_config ||= Y2Security::SelinuxConfig.new
+      @selinux_config ||= Y2Security::Selinux.new
     end
 
   private

src/lib/y2firewall/widgets/proposal.rb

@@ -201,16 +201,16 @@ def help
       end
     end
 
-    # widget to set selinux policy
-    class SelinuxPolicy < CWM::ComboBox
+    # Widget to set SELinux mode
+    class SelinuxMode < CWM::ComboBox
       def initialize(settings)
         textdomain "firewall"
 
         @settings = settings
       end
 
       def label
-        _("SELinux Policy")
+        _("SELinux Mode")
       end
 
       def items

test/lib/y2firewall/clients/installation_finish_test.rb

@@ -8,12 +8,10 @@
 describe Y2Firewall::Clients::InstallationFinish do
   before do
     allow_any_instance_of(Y2Firewall::Firewalld::Api).to receive(:running?).and_return(false)
-    allow(Y2Security::SelinuxConfig).to receive(:new).and_return(selinux_config)
   end
 
   let(:proposal_settings) { Y2Firewall::ProposalSettings.instance }
   let(:firewalld) { Y2Firewall::Firewalld.instance }
-  let(:selinux_config) { double("SelinuxConfig", save: true, configurable?: true) }
 
   describe "#title" do
     it "returns translated string" do
@@ -35,7 +33,7 @@
       allow(proposal_settings).to receive(:enable_sshd).and_return(enable_sshd)
       allow(firewalld).to receive(:installed?).and_return(installed)
       allow(proposal_settings).to receive(:open_ssh).and_return(false)
-      allow(proposal_settings).to receive(:selinux_config).and_return(selinux_config)
+      allow(proposal_settings.selinux_config).to receive(:save).and_return(true)
     end
 
     it "enables the sshd service if enabled in the proposal" do
@@ -45,7 +43,7 @@
       subject.write
     end
 
-    it "saves selinux policy" do
+    it "saves selinux config" do
       expect(proposal_settings.selinux_config).to receive(:save)
 
       subject.write

test/lib/y2firewall/dialogs/proposal_test.rb

@@ -25,13 +25,36 @@
 require "y2firewall/dialogs/proposal"
 
 describe Y2Firewall::Dialogs::Proposal do
-  let(:settings) { instance_double("Y2Firewall::ProposalSettings") }
-
   subject { described_class.new(settings) }
 
+  let(:settings) { instance_double("Y2Firewall::ProposalSettings") }
+  let(:selinux_configurable) { false }
+
   before do
-    allow(subject).to receive(:selinux_configurable?).and_return(false)
+    allow(subject).to receive(:selinux_configurable?)
+      .and_return(selinux_configurable)
   end
 
   include_examples "CWM::Dialog"
+
+  describe "#contents" do
+    let(:widgets) { Yast::CWM.widgets_in_contents([subject.contents]) }
+    let(:selinux_mode_widget) { widgets.find { |w| w.is_a?(Y2Firewall::Widgets::SelinuxMode) } }
+
+    context "when SELinux is set to be configurable" do
+      let(:selinux_configurable) { true }
+
+      it "contains the Y2Firewall::Widgets::SelinuxMode content" do
+        expect(selinux_mode_widget).to_not be_nil
+      end
+    end
+
+    context "when SELinux is set to not be configurable" do
+      let(:selinux_configurable) { false }
+
+      it "does not contain the Y2Firewall::Widgets::SelinuxMode content" do
+        expect(selinux_mode_widget).to be_nil
+      end
+    end
+  end
 end

test/lib/y2firewall/proposal_settings_test.rb

@@ -107,14 +107,8 @@
   end
 
   describe "#selinux_config" do
-    let(:selinux_config) { double("Y2Security::SelinuxConfig") }
-
-    before do
-      allow(Y2Security::SelinuxConfig).to receive(:new).and_return(selinux_config)
-    end
-
-    it "returns a SelinuxConfig object" do
-      expect(subject.selinux_config).to eq(selinux_config)
+    it "returns a Y2Security::Selinux instance" do
+      expect(subject.selinux_config).to be_a(Y2Security::Selinux)
     end
   end
 

test/lib/y2firewall/widgets/proposal_test.rb

@@ -30,10 +30,12 @@
 end
 
 describe Y2Firewall::Widgets do
+  let(:selinux_config) { instance_double(Y2Security::Selinux, modes: []) }
+
   let(:proposal_settings) do
     instance_double(
       Y2Firewall::ProposalSettings, enable_firewall: true, enable_sshd: true,
-        open_ssh: true, open_vnc: true
+        open_ssh: true, open_vnc: true, selinux_config: selinux_config
     )
   end
 
@@ -331,15 +333,9 @@
     end
   end
 
-  describe Y2Firewall::Widgets::SelinuxPolicy do
+  describe Y2Firewall::Widgets::SelinuxMode do
     subject { described_class.new(proposal_settings) }
 
-    let(:selinux_config) { instance_double("Y2Security::SelinuxConfig", modes: []) }
-
-    before do
-      allow(proposal_settings).to receive(:selinux_config).and_return(selinux_config)
-    end
-
     include_examples "CWM::ComboBox"
   end
 end

test/test_helper.rb

@@ -35,10 +35,12 @@ def stub_module(name, fake_class = nil)
 end
 
 # stub classes from other modules to speed up a build
-stub_module("AutoInstall", Class.new { def issues_list; []; end })
 # rubocop:disable Style/SingleLineMethods
 # rubocop:disable Style/MethodName
+stub_module("AutoInstall", Class.new { def issues_list; []; end })
 stub_module("UsersSimple", Class.new { def self.GetRootPassword; "secret"; end })
+# rubocop:enable Style/SingleLineMethods
+# rubocop:enable Style/MethodName
 
 # some tests have translatable messages
 ENV["LANG"] = "en_US.UTF-8"