module Chef::Util::Selinux

IMPORTANT: We assume that the SELinux utilities are installed on any SELinux-enabled server. Provisioning an SELinux-enabled server without the SELinux utilities is not supported.

Public Instance Methods

restore_security_context(file_path, recursive = false)
# File lib/chef/util/selinux.rb, line 47
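# Restore the default SELinux security context of +file_path+ by running
# restorecon, if restorecon can be located on this system.
#
# file_path:: path whose context is restored; passed to restorecon as one
#             argv element, so quotes, `$`, backticks and spaces in the path
#             are never interpreted by a shell.
# recursive:: when true, "-r" is passed in addition to "-R".
#
# When restorecon cannot be found a warning is logged and nothing is run.
def restore_security_context(file_path, recursive = false)
  if restorecon_path
    # NOTE(review): "-R" is passed in both cases, exactly as before; confirm
    # whether the non-recursive case is really meant to carry it.
    restorecon_argv = [ restorecon_path, "-R" ]
    restorecon_argv << "-r" if recursive
    # to_s accepts the same path-like values the old interpolation did.
    # NOTE(review): a path starting with "-" would still be parsed as an
    # option by restorecon; callers are presumed to pass absolute paths.
    restorecon_argv << file_path.to_s
    Chef::Log.debug("Restoring selinux security content with #{restorecon_argv.join(' ')}")
    # Multiple arguments instead of one interpolated string: the command is
    # executed directly rather than being parsed by a shell.
    shell_out!(*restorecon_argv)
  else
    Chef::Log.warn "Can not find 'restorecon' on the system. Skipping selinux security context restore."
  end
end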
selinux_enabled?()
# File lib/chef/util/selinux.rb, line 42
# Report whether SELinux is enabled, running the check at most once.
#
# The answer is memoized in the class variable @@selinux_enabled. Only a nil
# value triggers check_selinux_enabled?, so a cached +false+ is reused
# as well as a cached +true+.
# NOTE(review): assumes @@selinux_enabled is initialised to nil elsewhere in
# the module - confirm.
def selinux_enabled?
  if @@selinux_enabled.nil?
    @@selinux_enabled = check_selinux_enabled?
  end
  @@selinux_enabled
end

Private Instance Methods

check_selinux_enabled?()
# File lib/chef/util/selinux.rb, line 79
# Run the selinuxenabled utility and translate its exit status into a boolean.
#
# Returns true for exit status 0 and false for exit status 1. Also returns
# false when the utility cannot be located. Raises RuntimeError for any other
# exit status that shell_out! hands back.
def check_selinux_enabled?
  # We assume selinux is not enabled if selinux utils are not installed.
  return false unless selinuxenabled_path

  # Exit statuses 0 and 1 are both declared acceptable to shell_out!.
  result = shell_out!(selinuxenabled_path, :returns => [0,1])
  status = result.exitstatus
  case status
  when 1 then false
  when 0 then true
  else
    raise RuntimeError, "Unknown exit code from command #{selinuxenabled_path}: #{status}"
  end
end
restorecon_path()
# File lib/chef/util/selinux.rb, line 60
# Location of the restorecon executable, looked up once through which.
#
# The result is memoized in @@restorecon_path. which returns false when
# nothing is found, and false is not nil, so a failed lookup is cached too
# and not repeated.
# NOTE(review): assumes @@restorecon_path starts out as nil elsewhere in the
# module - confirm.
def restorecon_path
  if @@restorecon_path.nil?
    @@restorecon_path = which("restorecon")
  end
  @@restorecon_path
end
selinuxenabled_path()
# File lib/chef/util/selinux.rb, line 65
# Location of the selinuxenabled executable, looked up once through which.
#
# The result is memoized in @@selinuxenabled_path. which returns false when
# nothing is found, and false is not nil, so a failed lookup is cached too
# and not repeated.
# NOTE(review): assumes @@selinuxenabled_path starts out as nil elsewhere in
# the module - confirm.
def selinuxenabled_path
  if @@selinuxenabled_path.nil?
    @@selinuxenabled_path = which("selinuxenabled")
  end
  @@selinuxenabled_path
end
which(cmd)
# File lib/chef/util/selinux.rb, line 70
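# Locate an executable named +cmd+.
#
# Searches each directory listed in ENV['PATH'], in order, followed by /bin,
# /usr/bin, /sbin and /usr/sbin. Returns the full path of the first match, or
# false when there is none.
#
# Directories in ENV['PATH'] are searched before the fixed system
# directories, so the binary that later gets executed is whichever one the
# process environment resolves first.
# NOTE(review): presumably this runs with elevated privileges - confirm that
# PATH holds only trusted, non-writable directories.
def which(cmd)
  # An unset PATH used to raise NoMethodError on nil; fall back to the fixed
  # directories instead.
  search_dirs = ENV.fetch('PATH', '').split(File::PATH_SEPARATOR) + [ '/bin', '/usr/bin', '/sbin', '/usr/sbin' ]
  search_dirs.each do |dir|
    candidate = File.join(dir, cmd)
    # File.executable? is also true for a searchable directory, so a directory
    # named like the command must not be returned as the executable.
    return candidate if File.executable?(candidate) && !File.directory?(candidate)
  end
  false
end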