Simplify the #write_selinux method

Trusting in the Y2Security::Selinux#save without performing additional checks.
yast · Feb 14, 2021 · 62cf0bd · 62cf0bd
1 parent 87c2654
commit 62cf0bd
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 33 deletions.
diff --git a/src/modules/Security.rb b/src/modules/Security.rb
@@ -566,18 +566,8 @@ def write_shadow_config
     #
     # @return true on success
     def write_selinux
-      return if @Settings["SELINUX_MODE"].to_s.empty?
-
       selinux_config.mode = @Settings["SELINUX_MODE"]
-
-      # Y2Security::Selinux.mode= fallbacks to the "Disabled" mode when wrong value is given.
-      # In consequence, let's check that the mode still being the same before saving it.
-      if selinux_config.mode.id.to_s != @Settings["SELINUX_MODE"]
-        log.info("The set SELinux mode does not match with the requested one. Not saving it.")
-        false
-      else
-        selinux_config.save
-      end
+      selinux_config.save
     end
 
 

diff --git a/test/security_test.rb b/test/security_test.rb
@@ -241,36 +241,23 @@ def enabled?
     end
 
     describe "#write_selinux" do
-      before do
-        allow(subject.selinux_config).to receive(:mode).and_return(selinux_mode)
+      let(:requested_mode) { "enforcing" }
 
+      before do
+        allow(subject.selinux_config).to receive(:save)
         subject.Settings["SELINUX_MODE"] = requested_mode
       end
 
-      context "when SELinux mode is the same than requested" do
-        let(:requested_mode) { "permissive" }
-        let(:selinux_mode) { Y2Security::Selinux::Mode.find(:permissive) }
+      it "sets the SELinux mode" do
+        expect(subject.selinux_config).to receive(:mode=).with(requested_mode)
 
-        it "saves the selinux config" do
-          expect(subject.selinux_config).to receive(:save)
-
-          subject.write_selinux
-        end
+        subject.write_selinux
       end
 
-      context "when SELinux mode is NOT the same than requested" do
-        let(:requested_mode) { "whatever" }
-        let(:selinux_mode) { Y2Security::Selinux::Mode.find(:disabled) }
+      it "saves the selinux config" do
+        expect(subject.selinux_config).to receive(:save)
 
-        it "returns false" do
-          expect(subject.write_selinux).to eq(false)
-        end
-
-        it "does not save the selinux config" do
-          expect(subject.selinux_config).to_not receive(:save)
-
-          subject.write_selinux
-        end
+        subject.write_selinux
       end
     end