kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity
chef/cookbooks/selinux/libraries/state.rb
Greg Karékinian 6116729907 Set up Redis using the latest version of redisio 
This replaces the deprecated redis cookbook. Compiles the latest version
of Redis, currently 7.0.11

Refs #488
2023-06-19 16:02:58 +02:00

61 lines
1.7 KiB
Ruby
Raw Blame History

module SELinux
module Cookbook
module StateHelpers
def selinux_disabled?
selinux_state.eql?(:disabled)
end
def selinux_enforcing?
selinux_state.eql?(:enforcing)
end
def selinux_permissive?
selinux_state.eql?(:permissive)
end
def state_change_reboot_required?
(selinux_disabled? && %i(enforcing permissive).include?(action)) ||
((selinux_enforcing? || selinux_permissive?) && action == :disabled) ||
(selinux_activate_required? && %i(enforcing permissive).include?(action))
end
def selinux_state
state = shell_out!('getenforce').stdout.strip.downcase.to_sym
raise "Got unknown SELinux state #{state}" unless %i(disabled enforcing permissive).include?(state)
state
end
def selinux_activate_required?
return false unless platform_family?('debian')
sestatus = shell_out!('sestatus -v').stdout.strip
# Ensure we're booted up to a system which has selinux activated and filesystem is properly labeled
if File.read('/proc/cmdline').match?('security=selinux') && sestatus.match?(%r{/usr/sbin/sshd.*sshd_exec_t})
false
else
true
end
end
def selinux_activate_cmd
# selinux-activate is semi-broken on Ubuntu 18.04 however this method does work
if platform?('ubuntu') && node['platform_version'] == '18.04'
'touch /.autorelabel'
else
'/usr/sbin/selinux-activate'
end
end
def default_policy_platform
case node['platform_family']
when 'rhel', 'fedora', 'amazon'
'targeted'
when 'debian'
'default'
end
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink