Merge pull request #87 from yast/refactor-selinux-config

Refactor Y2Security::SelinuxConfig (now Y2Security::Selinux)
yast · Feb 11, 2021 · 7c23e55 · 7c23e55
2 parents 293df2e + 5c344ad
commit 7c23e55
Show file tree

Hide file tree

Showing 8 changed files with 894 additions and 507 deletions.
diff --git a/package/yast2-security.changes b/package/yast2-security.changes
@@ -1,8 +1,16 @@
+-------------------------------------------------------------------
+Thu Feb 11 00:25:33 UTC 2021 - David Diaz <dgonzalez@suse.com>
+
+- Improve the class for handling the SELinux configuration.
+- Saves the SELinux mode in the configuration file (jsc#SMO-20,
+  jsc#SLE-17342).
+- 4.2.16
+
 -------------------------------------------------------------------
 Wed Feb  3 09:29:36 UTC 2021 - David Diaz <dgonzalez@suse.com>
 
 - Add class for managing SELinux configuration at boot time
-  (jsc#SLE-17427)
+  (jsc#SMO-20, jsc#SLE-17342).
 - 4.2.15
 
 -------------------------------------------------------------------

diff --git a/package/yast2-security.spec b/package/yast2-security.spec
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-security
-Version:        4.2.15
+Version:        4.2.16
 Release:        0
 Group:          System/YaST
 License:        GPL-2.0-only
@@ -32,12 +32,14 @@ BuildRequires:  perl-XML-Writer
 BuildRequires:  update-desktop-files
 BuildRequires:  yast2-pam
 BuildRequires:  yast2-devtools >= 4.2.2
-# Y2Security::SelinuxConfig requires Yast::Bootloader
+# Y2Security::Selinux requires Yast::Bootloader
 BuildRequires:  yast2-bootloader
 BuildRequires:  rubygem(%{rb_default_ruby_abi}:yast-rake) >= 0.2.5
 BuildRequires:  rubygem(%{rb_default_ruby_abi}:rspec)
 # CFA::SysctlConfig
 BuildRequires:  yast2 >= 4.2.66
+# CFA::Selinux
+BuildRequires:  augeas-lenses
 # Unfortunately we cannot move this to macros.yast,
 # bcond within macros are ignored by osc/OBS.
 %bcond_with yast_run_ci_tests
@@ -50,8 +52,10 @@ Requires:       yast2-pam >= 2.14.0
 # CFA::SysctlConfig
 Requires:       yast2 >= 4.2.66
 Requires:       yast2-ruby-bindings >= 1.0.0
-# Y2Security::SelinuxConfig requires Yast::Bootloader
-BuildRequires:  yast2-bootloader
+# Y2Security::Selinux requires Yast::Bootloader
+Requires:       yast2-bootloader
+# CFA::Selinux
+Requires:       augeas-lenses
 
 Provides:       y2c_sec yast2-config-security
 Provides:       yast2-trans-security y2t_sec

diff --git a/src/lib/cfa/selinux.rb b/src/lib/cfa/selinux.rb
@@ -0,0 +1,79 @@
+# Copyright (c) [2021] SUSE LLC
+#
+# All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of version 2 of the GNU General Public License as published
+# by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+# more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, contact SUSE LLC.
+#
+# To contact SUSE LLC about this file by physical or electronic mail, you may
+# find current contact information at www.suse.com.
+
+require "yast"
+require "cfa/base_model"
+require "yast2/target_file"
+
+module CFA
+  # CFA based class to handle the SELinux configuration file
+  #
+  # @example Reading a value
+  #   file = CFA::Selinux.new
+  #   file.load
+  #   file.selinux #=> "enforcing"
+  #
+  # @example Writing a value
+  #   file = CFA::Selinux.new
+  #   file.selinux = "permissive"
+  #   file.save
+  #
+  # @example Loading shortcut
+  #   file = CFA::Selinux.load
+  #   file.selinux #=> "enforcing"
+  class Selinux < BaseModel
+    attributes(
+      selinux: "SELINUX"
+    )
+
+    # Instantiates and loads a file
+    #
+    # This method is basically a shortcut to instantiate and load the content in just one call.
+    #
+    # @param file_handler [#read,#write] something able to read/write a string (like File)
+    # @param file_path    [String] File path
+    # @return [Selinux] File with the already loaded content
+    def self.load(file_handler: Yast::TargetFile, file_path: PATH)
+      new(file_path: file_path, file_handler: file_handler).tap(&:load)
+    end
+
+    # Constructor
+    #
+    # @param file_handler [#read,#write] something able to read/write a string (like File)
+    # @param file_path    [String] File path
+    #
+    # @see CFA::BaseModel#initialize
+    def initialize(file_handler: Yast::TargetFile, file_path: PATH)
+      super(AugeasParser.new(LENS), file_path, file_handler: file_handler)
+    end
+
+    private
+
+    # Default path to the SELinux config file
+    PATH = "/etc/selinux/config".freeze
+    private_constant :PATH
+
+    # The lens to be used by Augeas parser
+    #
+    # @note uses the simplevars lens instead of semanage because the latest is only available from
+    #   augeas-lenses >= 1.12. See https://github.com/hercules-team/augeas/pull/594/files
+    LENS = "simplevars.lns".freeze
+    private_constant :LENS
+  end
+end