module Chef::Util::Selinux
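IMPORTANT: We assume that the SELinux utilities are installed on an SELinux-enabled server. Provisioning an SELinux-enabled server without the SELinux utilities is not supported. If the utilities cannot be found, the methods below treat SELinux as disabled and skip the security context restore, logging only a warning.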
Public Instance Methods
restore_security_context(file_path, recursive = false)
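# File lib/chef/util/selinux.rb, line 47
# Restores the default SELinux security context of +file_path+ by running
# restorecon.
#
# file_path:: path whose context is restored. It is shell-escaped before
#             being appended to the command line.
# recursive:: when true, "-r" is added to the restorecon flags.
#
# When restorecon cannot be located, a warning is logged and nothing is run.
# Command failures are left to shell_out! (presumably it raises; confirm).
def restore_security_context(file_path, recursive = false)
  # Required locally because the file's own require block is not visible here.
  require 'shellwords'

  if restorecon_path
    # NOTE(review): "-R" is passed even when recursive is false; confirm
    # against the restorecon man page that this is intended.
    restorecon_command = recursive ? "#{restorecon_path} -R -r" : "#{restorecon_path} -R"
    # The command is built as one string, so the path must survive shell
    # parsing. Wrapping it in double quotes left ", $, ` and \ active inside
    # the quotes; Shellwords.escape neutralises every shell metacharacter.
    # NOTE(review): a path that starts with "-" would still be read as an
    # option by restorecon; callers presumably pass absolute paths (confirm).
    restorecon_command += " #{Shellwords.escape(file_path.to_s)}"
    Chef::Log.debug("Restoring selinux security content with #{restorecon_command}")
    shell_out!(restorecon_command)
  else
    Chef::Log.warn "Can not find 'restorecon' on the system. Skipping selinux security context restore."
  end
end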
selinux_enabled?()
# File lib/chef/util/selinux.rb, line 42
# Reports whether SELinux is enabled. The check runs only while the cached
# class-level answer is still nil; afterwards the cached value is returned.
# NOTE(review): @@selinux_enabled is presumably initialised elsewhere in the
# module; that part is not shown here.
def selinux_enabled?
  if @@selinux_enabled.nil?
    @@selinux_enabled = check_selinux_enabled?
  end
  @@selinux_enabled
end
Private Instance Methods
check_selinux_enabled?()
# File lib/chef/util/selinux.rb, line 79
# Runs the selinuxenabled utility and maps its exit status to a boolean:
# 0 means enabled, 1 means disabled. Any other status raises RuntimeError.
# Returns false without running anything when the utility cannot be found.
def check_selinux_enabled?
  # We assume selinux is not enabled if selinux utils are not installed.
  return false unless selinuxenabled_path

  # Exit codes 0 and 1 are both declared acceptable to shell_out!.
  result = shell_out!(selinuxenabled_path, :returns => [0,1])
  status = result.exitstatus
  return true if status == 0
  return false if status == 1

  raise RuntimeError, "Unknown exit code from command #{selinuxenabled_path}: #{result.exitstatus}"
end
restorecon_path()
# File lib/chef/util/selinux.rb, line 60
# Returns the cached location of restorecon, looking it up with which only
# while the cached value is still nil. A failed lookup is stored as false
# (the value which returns when nothing is found), so it is not retried.
def restorecon_path
  return @@restorecon_path unless @@restorecon_path.nil?

  @@restorecon_path = which("restorecon")
end
selinuxenabled_path()
# File lib/chef/util/selinux.rb, line 65
# Returns the cached location of selinuxenabled, looking it up with which
# only while the cached value is still nil. A failed lookup is stored as
# false (the value which returns when nothing is found), so it is not retried.
def selinuxenabled_path
  return @@selinuxenabled_path unless @@selinuxenabled_path.nil?

  @@selinuxenabled_path = which("selinuxenabled")
end
which(cmd)
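# File lib/chef/util/selinux.rb, line 70
# Finds the first executable file named +cmd+, searching the directories in
# ENV['PATH'] and then /bin, /usr/bin, /sbin and /usr/sbin.
#
# cmd:: base name of the program to look for.
#
# Returns the joined path of the first match, or false when nothing matches.
#
# PATH entries are searched before the fixed system directories, and the
# result is later executed by this module, so the lookup is only as
# trustworthy as the PATH of the running process.
def which(cmd)
  # ENV.fetch keeps an unset PATH from raising NoMethodError on nil.
  # Empty entries are dropped: File.join("", cmd) would point at "/cmd".
  search_dirs = ENV.fetch('PATH', '').split(File::PATH_SEPARATOR).reject { |dir| dir.empty? }
  search_dirs += [ '/bin', '/usr/bin', '/sbin', '/usr/sbin' ]
  search_dirs.each do |dir|
    filename = File.join(dir, cmd)
    # File.executable? is also true for a searchable directory, which
    # cannot be run as a command, so directories are skipped.
    return filename if File.executable?(filename) && !File.directory?(filename)
  end
  false
end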