Feature #1327

Add facts for SELinux state

Added by Frank Sweetser over 4 years ago. Updated about 2 years ago.

Status: Closed
Start date:
Priority: Low
Due date:
Assignee: Luke Kanies
% Done: 0%
Category: library
Target version: 1.5.5
Keywords:
Affected Facter version:
Branch:
Votes: 0

Description

As part of the work I’m doing to add SELinux support to Puppet (http://spook.wpi.edu) it would be very useful if Facter were to have some SELinux facts. At this point, I have identified two facts indicating the overall global state of SELinux of a machine which should be widely useful, both for what configuration settings should be pushed out and for auditing the SELinux state of a machine:

  • selinux – whether the machine supports SELinux, and if so, what mode it is in (enforcing, permissive, disabled)
  • selinuxpolicy – which policy is loaded (strict, targeted, mls)

I’m attaching a first pass at code for these facts that works for me.

selinuxfacts.rb (738 Bytes) Frank Sweetser, 01/10/2008 10:35 pm

selinux.rb (879 Bytes) Peter Meier, 04/19/2008 12:58 am

selinux.rb - Updated version; works correctly for disabled but kernel mod loaded (1 kB) Neil Katin, 04/08/2009 09:56 pm

History

Updated by James Turnbull over 4 years ago

Fixed in commit commit:b3962ef307678d1be70ece96a284fdd2d63b064d in master.

Updated by James Turnbull over 4 years ago

Reverted this commit in commit:2b0679994e73518c767c559fd1541767c2d5bad9 in branch master.

Still don’t like this fact and needs some more work.

Updated by Frank Sweetser about 4 years ago

Can you describe what changes you’d like to see before accepting?

Updated by Peter Meier about 4 years ago

Besides it not yet being clear what the better way might be, I am adding our facts, which are slightly different but propose more options. I’m willing to merge them together if the needed work is defined to push them to master. Our facts:

  • :selinux => true/false (is selinux a topic?)
  • :selinux_enabled => true/false (is selinux enabled)
  • :selinux_policyversion => $version of the policy
  • :selinux_mode => targeted/strict (mode of selinux)

Updated by Redmine Admin almost 4 years ago

  • Status changed from 1 to Ready For Checkin

Updated by Luke Kanies almost 4 years ago

  • Status changed from Ready For Checkin to Needs Decision

Updated by Luke Kanies almost 4 years ago

  • Status changed from Needs Decision to Accepted

What’s the state of this code?

Updated by Neil Katin about 3 years ago

I just tested the selinux.rb file on my system; it worked fine for me.

This issue seems fairly idle. Is there any chance it could be merged? Or is there extra work that needs to be done?

Updated by Neil Katin about 3 years ago

I found a small bug in selinux.rb; it didn’t work properly if the selinux kernel module was loaded, but selinux was disabled.

I mirrored the code that sestatus uses to detect when selinux is enabled (it checks the current context, and makes sure it is not “kernel”).

I’ve attached a new version of selinux.rb with the changes.
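
The detection order discussed in this comment, as an added example that is not the attached selinux.rb or Facter's own code: kernel support first, then the "kernel" context check, then mode and policy. The names `selinux_facts` and `build_tree`, the `root` parameter, and the "unsupported"/"unknown" labels are assumptions made for illustration; the file contents are constructed.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical helper, not Facter's API. `root` lets the logic run against a
# constructed directory tree instead of the live system.
def selinux_facts(root = "/")
  read = lambda do |rel|
    path = File.join(root, rel)
    File.file?(path) ? File.read(path).delete("\0").strip : nil
  end

  # Kernel support: selinuxfs must be a registered filesystem type.
  unless read.call("proc/filesystems").to_s =~ /\bselinuxfs\b/
    return { "selinux" => "unsupported" } # constructed label for "no support"
  end

  # The case from the comment above: support is present but SELinux is
  # disabled, so the process context is "kernel" (or cannot be read).
  context = read.call("proc/self/attr/current").to_s
  return { "selinux" => "disabled" } if context.empty? || context == "kernel"

  # Mode: the enforce node holds 1 (enforcing) or 0 (permissive).
  enforce = %w[sys/fs/selinux/enforce selinux/enforce].map { |f| read.call(f) }.compact.first
  mode = { "1" => "enforcing", "0" => "permissive" }.fetch(enforce, "unknown")

  # Policy name: SELINUXTYPE= in /etc/selinux/config, ignoring comment lines.
  config = read.call("etc/selinux/config").to_s
  policy = config[/^[ \t]*SELINUXTYPE[ \t]*=[ \t]*(\S+)/, 1] || "unknown"

  { "selinux" => mode, "selinuxpolicy" => policy }
end

# Write a constructed set of files under a temporary root and return its path.
def build_tree(files)
  root = Dir.mktmpdir("selinux-facts")
  files.each do |rel, body|
    path = File.join(root, rel)
    FileUtils.mkdir_p(File.dirname(path))
    File.write(path, body)
  end
  root
end

# Constructed sample: selinuxfs registered, but the context is still "kernel".
sample = build_tree({ "proc/filesystems" => "nodev\tselinuxfs\n",
                      "proc/self/attr/current" => "kernel\0",
                      "selinux/enforce" => "1" })
p selinux_facts(sample)
```

Checking the enforce node alone would report this sample as enforcing, which is why the context check has to come before the mode is read.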

Updated by Luke Kanies about 3 years ago

  • Target version set to 1.6.0

I’ll get this merged into the next release.

Updated by James Turnbull about 3 years ago

  • Status changed from Accepted to Closed

Pushed in commit:e95620215e9f645423d14bd54f16fcba75d90b29 in branch master.

Updated by James Turnbull about 3 years ago

  • Target version changed from 1.6.0 to 1.5.5
