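module SELinux
  module Cookbook
    # Helpers for querying the SELinux mode of the running system and for
    # deciding which follow-up steps (reboot, activation) a state change needs.
    #
    # The methods rely on `shell_out!`, `platform_family?`, `node` and `action`
    # being supplied by whatever includes this module; none of them is defined
    # here (presumably a Chef resource or provider context).
    #
    # All state predicates reflect the *runtime* mode reported by `getenforce`,
    # not any persistent configuration file.
    module StateHelpers
      # @return [Boolean] true when `getenforce` reports "Disabled"
      def selinux_disabled?
        selinux_state.eql?(:disabled)
      end

      # @return [Boolean] true when `getenforce` reports "Enforcing"
      def selinux_enforcing?
        selinux_state.eql?(:enforcing)
      end

      # @return [Boolean] true when `getenforce` reports "Permissive"
      def selinux_permissive?
        selinux_state.eql?(:permissive)
      end

      # Decides whether moving from the current state to the requested `action`
      # crosses the disabled/enabled boundary, which is the only transition this
      # helper treats as needing a reboot.
      #
      # The state is read exactly once so the decision rests on a single
      # `getenforce` result instead of up to three separate invocations.
      #
      # @return [Boolean]
      # @raise [RuntimeError] when the current state is not recognised
      def state_change_reboot_required?
        if selinux_state == :disabled
          %i(enforcing permissive).include?(action)
        else
          # selinux_state only ever returns :disabled, :enforcing or
          # :permissive, so this branch is the enforcing/permissive case.
          action == :disabled
        end
      end

      # Runs `getenforce` and normalises its output to a symbol.
      #
      # @return [Symbol] one of :disabled, :enforcing, :permissive
      # @raise [RuntimeError] when the output is none of the three known states
      def selinux_state
        state = shell_out!('getenforce').stdout.strip.downcase.to_sym
        # Fail closed on anything unexpected rather than guessing a mode.
        raise "Got unknown SELinux state #{state}" unless %i(disabled enforcing permissive).include?(state)

        state
      end

      # Reports whether SELinux still has to be activated in the boot loader
      # configuration. Only Debian-family platforms are checked; every other
      # platform returns false.
      #
      # Commented-out lines are ignored: a `#`-prefixed line mentioning
      # `security=selinux` does not put the option on the kernel command line,
      # so it must not be taken as proof that activation already happened.
      #
      # @return [Boolean]
      # @raise [SystemCallError] when /etc/default/grub cannot be read
      def selinux_activate_required?
        return false unless platform_family?('debian')

        File.read('/etc/default/grub').each_line.none? do |line|
          !line.lstrip.start_with?('#') && line.include?('security=selinux')
        end
      end

      # Maps the node's platform family to the default policy name.
      #
      # @return [String, nil] 'targeted' for rhel/fedora/amazon, 'default' for
      #   debian, nil for any other platform family
      def default_policy_platform
        case node['platform_family']
        when 'rhel', 'fedora', 'amazon'
          'targeted'
        when 'debian'
          'default'
        end
      end
    end
  end
end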