Merge pull request #159 from vinzent/fix_selinux_fact_usage

Fix usage of non-existent $::selinux_enabled fact
voxpupuli · Dec 28, 2016 · d134e73 · d134e73
2 parents 22580ff + c607c09
commit d134e73
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 8 deletions.
diff --git a/manifests/config.pp b/manifests/config.pp
@@ -62,7 +62,7 @@
     # a complete relabeling is required when switching from disabled to
     # permissive or enforcing. Ensure the autorelabel trigger file is created.
     if $mode in ['enforcing','permissive'] and
-      !$::selinux_enabled {
+      !$::selinux {
       file { '/.autorelabel':
         ensure  => 'file',
         owner   => 'root',

diff --git a/spec/classes/selinux_config_mode_spec.rb b/spec/classes/selinux_config_mode_spec.rb
@@ -4,7 +4,12 @@
   on_supported_os.each do |os, facts|
     context "on #{os}" do
       let(:facts) do
-        facts
+        facts.merge(
+          selinux: true,
+          selinux_config_mode: 'enforcing',
+          selinux_config_policy: 'targeted',
+          selinux_current_mode: 'enforcing'
+        )
       end
 
       context 'config' do
@@ -54,15 +59,27 @@
 
         context 'disabled to permissive creates autorelabel trigger file' do
           let(:facts) do
-            facts.merge(selinux_enabled: false)
+            hash = facts.merge(
+              selinux: false
+            )
+            hash.delete(:selinux_config_mode)
+            hash.delete(:selinux_current_mode)
+            hash.delete(:selinux_config_policy)
+            hash
           end
           let(:params) { { mode: 'permissive' } }
           it { is_expected.to contain_file('/.autorelabel').with(ensure: 'file') }
         end
 
         context 'disabled to enforcing creates autorelabel trigger file' do
           let(:facts) do
-            facts.merge(selinux_enabled: false)
+            hash = facts.merge(
+              selinux: false
+            )
+            hash.delete(:selinux_config_mode)
+            hash.delete(:selinux_current_mode)
+            hash.delete(:selinux_config_policy)
+            hash
           end
           let(:params) { { mode: 'enforcing' } }
           it { is_expected.to contain_file('/.autorelabel').with(ensure: 'file') }

diff --git a/spec/default_module_facts.yml b/spec/default_module_facts.yml
@@ -2,10 +2,6 @@
 osfamily: RedHat
 operatingsystem: RedHat
 operatingsystemmajrelease: '7'
-selinux_config_mode: enforcing
-selinux_current_mode: enforcing
-selinux_enabled: true
-selinux_config_policy: targeted
 # concat facts
 id: 0
 path: /tmp