Changes based on CR.

yast · Dec 27, 2021 · 7fc8398 · 7fc8398
1 parent e8b7251
commit 7fc8398
Show file tree

Hide file tree

Showing 4 changed files with 65 additions and 17 deletions.
diff --git a/src/lib/installation/clients/security_finish.rb b/src/lib/installation/clients/security_finish.rb
@@ -84,7 +84,7 @@ def write
           "/usr/bin/chkstat --system --set")
         log.info("updating capabilities: #{res}")
 
-        # Write down selinux configuration
+        # Write down the Linux Security Module configuration
         settings.lsm_config.save
 
         true

diff --git a/src/lib/installation/clients/security_proposal.rb b/src/lib/installation/clients/security_proposal.rb
@@ -238,20 +238,33 @@ def polkit_default_priv_proposal
         format(_("PolicyKit Default Privileges: %s"), human_value)
       end
 
+      # Returns the text describing the Linux Security Module proposal or nil in case that there is
+      # no module selected explicitly.
+      #
+      # @return [String, nil] returns the description of the selected LSM or nil in case no module
+      #   is selected explicitly
       def lsm_proposal
         return nil unless @settings.lsm_config.configurable?
 
         # add required patterns
         log.info("Setting LSM resolvables to : #{@settings.lsm_config.needed_patterns}")
         Yast::PackagesProposal.SetResolvables("LSM", :pattern, @settings.lsm_config.needed_patterns)
-        case @settings.lsm_config.selected&.id
+        selected = @settings.lsm_config.selected
+        case selected&.id
         when :selinux
-          _(
-            "Linux Security Module: Activate SELinux in '%s' mode"
-          ) % @settings.lsm_config.selinux.mode.to_human_string
+          # TRANSLATORS: Proposal's text describing that the active Linux Security Major Module
+          # after the installation will be SELinux running in the selected mode which could be
+          # 'enforcing', 'permissive' or 'disabled'
+          format(_(
+                   "Linux Security Module: Activate %{module}s in '%{mode}' mode"
+          ), module: selected.label, mode: selected.mode.to_human_string)
         when :apparmor
-          _("Linux Security Module: Activate AppArmor")
+          # TRANSLATORS: Proposal's text describing that the active Linux Security Major Module
+          # after the installation will be AppArmor
+          format(_("Linux Security Module: Activate %{module}"), module: selected.label)
         when :none
+          # TRANSLATORS: Proposal's text describing that no Linux Security Major Module will be
+          # activated after the installation
           _("Linux Security Module: No major module will be activated")
         end
       end

diff --git a/src/lib/installation/widgets/lsm.rb b/src/lib/installation/widgets/lsm.rb
@@ -1,33 +1,70 @@
+# ------------------------------------------------------------------------------
+# Copyright (c) 2021 SUSE LLC, All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify it under
+# the terms of version 2 of the GNU General Public License as published by the
+# Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+#
+# ------------------------------------------------------------------------------
+
 require "yast"
 require "cwm/custom_widget"
 require "cwm/replace_point"
 require "cwm/common_widgets"
 require "installation/widgets/selinux_mode"
+require "installation/security_settings"
+require "y2security/lsm/config"
 
 Yast.import "HTML"
 
 module Installation
   module Widgets
+    # This widget contents a selector for choosing between the supported Linux Security Major
+    # Modules during installation.
+    #
+    # @note the selinux module will show also a selector for choosing the SELinux mode to be used
+    #   after the system is booted
     class LSM < CWM::CustomWidget
       attr_accessor :settings
 
+      # Constructor
+      #
+      # @param settings [Installation::SecuritySettings]
       def initialize(settings)
         @settings = settings
         self.handle_all_events = true
       end
 
+      # @see CWM::CustomWidget#init
       def init
         lsm_selector_widget.init
         refresh
       end
 
+      # @see CWM::CustomWidget#contents
       def contents
         VBox(
           lsm_selector_widget,
           Left(replace_widget)
         )
       end
 
+      # It refresh the widget content dinamically when the selection of the LSM is modified
+      #
+      # @param event [Hash] a UI event
+      def handle(event)
+        return if event["ID"] != lsm_selector_widget.widget_id
+
+        refresh
+        nil
+      end
+
+    private
+
       def replace_widget
         @replace_widget ||= CWM::ReplacePoint.new(id: "lsm_widget", widget: empty_lsm_widget)
       end
@@ -44,15 +81,7 @@ def selinux_widget
         @selinux_widget ||= SelinuxMode.new(settings.lsm_config.selinux)
       end
 
-      def handle(event)
-        return if event["ID"] != lsm_selector_widget.widget_id
-
-        refresh
-        nil
-      end
-
-    private
-
+      # When the selected LSM is SELinux it shows the widget for selecting the SELinux mode
       def refresh
         case lsm_selector_widget.value
         when "selinux" then replace_widget.replace(selinux_widget)
@@ -62,9 +91,14 @@ def refresh
       end
     end
 
+    # This class is a ComboBox for selecting the desired Linux Security Module to be used after the
+    # instalaltion
     class LSMSelector < CWM::ComboBox
       attr_reader :settings
 
+      # Constructor
+      #
+      # @param settings [Y2Security::LSM::Config]
       def initialize(settings)
         textdomain "installation"
 
@@ -80,7 +114,7 @@ def opt
       end
 
       def label
-        # TRANSLATORS: SELinux Mode just SELinux is already content of frame.
+        # TRANSLATORS: Linux Security Module Selector label.
         _("Selected Module")
       end
 
@@ -94,6 +128,7 @@ def store
 
       def help
         Yast::HTML.Para(
+          # TRANSLATORS: Linux Security Module Selector help.
           _("Allows to choose between available Linux Security major modules like:") +
           Yast::HTML.List(available_modules.map(&:label))
         )

diff --git a/test/lib/clients/security_proposal_test.rb b/test/lib/clients/security_proposal_test.rb
@@ -137,7 +137,7 @@
     end
 
     context "when LSM is configurable" do
-      it "contains in proposal LSM configuration" do
+      it "contains the LSM configuration" do
         allow(proposal_settings.lsm_config).to receive(:configurable?)
           .and_return(true)
         allow(Yast::Bootloader).to receive(:kernel_param).and_return(:missing)