Merge pull request #360 from jcpunk/fcontext-equiv

Add param for selinux::fcontext::equivalence elements
voxpupuli · Dec 11, 2022 · a86522f · a86522f
2 parents bc44acf + 25ffabc
commit a86522f
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 8 deletions.
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -27,6 +27,7 @@
 # @param default_builder which builder to use by default with selinux::module
 # @param boolean Hash of selinux::boolean resource parameters
 # @param fcontext Hash of selinux::fcontext resource parameters
+# @param fcontext_equivalence Hash of selinux::fcontext::equivalence resource parameters
 # @param module Hash of selinux::module resource parameters
 # @param permissive Hash of selinux::module resource parameters
 # @param port Hash of selinux::port resource parameters
@@ -49,12 +50,13 @@
   Stdlib::Absolutepath $module_build_root                     = "${facts['puppet_vardir']}/puppet-selinux",
   Enum['refpolicy', 'simple'] $default_builder                = 'simple',
 
-  Optional[Hash] $boolean         = undef,
-  Optional[Hash] $fcontext        = undef,
-  Optional[Hash] $module          = undef,
-  Optional[Hash] $permissive      = undef,
-  Optional[Hash] $port            = undef,
-  Optional[Hash] $exec_restorecon = undef,
+  Optional[Hash] $boolean              = undef,
+  Optional[Hash] $fcontext             = undef,
+  Optional[Hash] $fcontext_equivalence = undef,
+  Optional[Hash] $module               = undef,
+  Optional[Hash] $permissive           = undef,
+  Optional[Hash] $port                 = undef,
+  Optional[Hash] $exec_restorecon      = undef,
   Hash[String[1],Hash[String[1],String[1]]] $login = {},
 ) {
   class { 'selinux::package':
@@ -79,6 +81,9 @@
   if $fcontext {
     create_resources ( 'selinux::fcontext', $fcontext )
   }
+  if $fcontext_equivalence {
+    create_resources ( 'selinux::fcontext::equivalence', $fcontext_equivalence )
+  }
   if $module {
     create_resources ( 'selinux::module', $module )
   }

diff --git a/spec/classes/selinux_spec.rb b/spec/classes/selinux_spec.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'spec_helper'
 
 describe 'selinux' do
@@ -25,8 +27,8 @@
         let(:params) do
           {
             module: {
-              'mymodule1' =>  { 'source_te' => 'dummy' },
-              'mymodule2' =>  { 'source_te' => 'dummy' }
+              'mymodule1' => { 'source_te' => 'dummy' },
+              'mymodule2' => { 'source_te' => 'dummy' }
             }
           }
         end
@@ -84,13 +86,19 @@
               'myfcontext1'    => { 'seltype' => 'mysqld_log_t', 'pathspec' => '/u01/log/mysql(/.*)?' },
               'myfcontext2'    => { 'seltype' => 'mysqld_log_t', 'pathspec' => '/u02/log/mysql(/.*)?' },
               '/path/spec(.*)' => { 'seltype' => 'mysqld_log_t', 'pathspec' => '/path/spec(.*)' }
+            },
+            fcontext_equivalence: {
+              'myequiv1' => { 'target' => '/home', 'path' => '/test', },
+              '/example' => { 'target' => '/usr' },
             }
           }
         end
 
         it { is_expected.to contain_selinux__fcontext('myfcontext1') }
         it { is_expected.to contain_selinux__fcontext('myfcontext2') }
         it { is_expected.to contain_selinux__fcontext('/path/spec(.*)') }
+        it { is_expected.to contain_selinux__fcontext__equivalence('myequiv1') }
+        it { is_expected.to contain_selinux__fcontext__equivalence('/example') }
       end
     end
   end