fcontext: handle also filetype=false

- previously bad filemode did not fail in manifest - change error message to contain actual setting
voxpupuli · Sep 4, 2016 · 05cd618 · 05cd618
1 parent 42bb23a
commit 05cd618
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 6 deletions.
diff --git a/manifests/fcontext.pp b/manifests/fcontext.pp
@@ -104,15 +104,14 @@
     fail('Resource cannot contain both "equals" and "filetype" options')
   }
 
-  if $filetype and $filemode !~ /^(?:a|f|d|c|b|s|l|p)$/ {
-    fail('file mode must be one of: a,f,d,c,b,s,l,p - see "man semanage-fcontext"')
-  }
-
   if $equals {
     $resource_name = "add_${destination}_${pathname}"
     $command       = shellquote('semanage', 'fcontext','-a', '-e', $destination, $pathname)
     $unless        = sprintf('semanage fcontext -l | grep -Fx %s', shellquote("${pathname} = ${destination}"))
   } else {
+    if $filemode !~ /^(?:a|f|d|c|b|s|l|p)$/ {
+      fail('"filemode" must be one of: a,f,d,c,b,s,l,p - see "man semanage-fcontext"')
+    }
     $resource_name = "add_${context}_${pathname}_type_${filemode}"
     $command       = shellquote('semanage', 'fcontext','-a', '-f', $filemode, '-t', $context, $pathname)
     $unless        = sprintf('semanage fcontext -E | grep -Fx %s', shellquote("fcontext -a -f ${filemode} -t ${context} '${pathname}'"))

diff --git a/spec/defines/selinux_fcontext_spec.rb b/spec/defines/selinux_fcontext_spec.rb
@@ -18,6 +18,18 @@
     it { expect { is_expected.to compile }.to raise_error(%r{is not an absolute path}) }
   end
 
+  context 'invalid filemode with filetype false' do
+    let(:params) do
+      {
+        pathname: '/tmp/file1',
+        filetype: false,
+        filemode: 'X',
+        context: 'user_home_dir_t'
+      }
+    end
+    it { expect { is_expected.to compile }.to raise_error(%r{"filemode" must be one of: a,f,d,c,b,s,l,p - see "man semanage-fcontext"}) }
+  end
+
   context 'invalid filetype' do
     let(:params) do
       {
@@ -27,7 +39,7 @@
         context: 'user_home_dir_t'
       }
     end
-    it { expect { is_expected.to compile }.to raise_error(%r{file mode must be one of: a,f,d,c,b,s,l,p - see "man semanage-fcontext"}) }
+    it { expect { is_expected.to compile }.to raise_error(%r{"filemode" must be one of: a,f,d,c,b,s,l,p - see "man semanage-fcontext"}) }
   end
 
   context 'invalid multiple filetype' do
@@ -39,7 +51,7 @@
         context: 'user_home_dir_t'
       }
     end
-    it { expect { is_expected.to compile }.to raise_error(%r{file mode must be one of: a,f,d,c,b,s,l,p - see "man semanage-fcontext"}) }
+    it { expect { is_expected.to compile }.to raise_error(%r{"filemode" must be one of: a,f,d,c,b,s,l,p - see "man semanage-fcontext"}) }
   end
 
   context 'equals and filetype' do