Ensure selinux values are handled lowercase

2025-04-16 09:40:20 +00:00 · 2023-05-24 16:21:11 -06:00 · 2023-05-24 16:21:11 -06:00 · 66185ef0c1
commit 66185ef0c1
parent fae0ebc96b
4 changed files with 14 additions and 13 deletions
--- a/changelog/64318.fixed.md
+++ b/changelog/64318.fixed.md
@ -0,0 +1 @@
+Ensure selinux values are handled lowercase
--- a/salt/modules/selinux.py
+++ b/salt/modules/selinux.py
@ -88,16 +88,16 @@ def getenforce():
    """
    _selinux_fs_path = selinux_fs_path()
    if _selinux_fs_path is None:
-        return "Disabled"
+        return "disabled"
    try:
        enforce = os.path.join(_selinux_fs_path, "enforce")
        with salt.utils.files.fopen(enforce, "r") as _fp:
            if salt.utils.stringutils.to_unicode(_fp.readline()).strip() == "0":
-                return "Permissive"
+                return "permissive"
            else:
-                return "Enforcing"
+                return "enforcing"
    except (OSError, AttributeError):
-        return "Disabled"
+        return "disabled"


 def getconfig():
@ -135,13 +135,13 @@ def setenforce(mode):
    if isinstance(mode, str):
        if mode.lower() == "enforcing":
            mode = "1"
-            modestring = "Enforcing"
+            modestring = "enforcing"
        elif mode.lower() == "permissive":
            mode = "0"
-            modestring = "Permissive"
+            modestring = "permissive"
        elif mode.lower() == "disabled":
            mode = "0"
-            modestring = "Disabled"
+            modestring = "disabled"
        else:
            return "Invalid mode {}".format(mode)
    elif isinstance(mode, int):
@ -153,7 +153,7 @@ def setenforce(mode):
        return "Invalid mode {}".format(mode)

    # enforce file does not exist if currently disabled.  Only for toggling enforcing/permissive
-    if getenforce() != "Disabled":
+    if getenforce() != "disabled":
        enforce = os.path.join(selinux_fs_path(), "enforce")
        try:
            with salt.utils.files.fopen(enforce, "w") as _fp:
--- a/salt/states/selinux.py
+++ b/salt/states/selinux.py
@ -40,11 +40,11 @@ def _refine_mode(mode):
    """
    mode = str(mode).lower()
    if any([mode.startswith("e"), mode == "1", mode == "on"]):
-        return "Enforcing"
+        return "enforcing"
    if any([mode.startswith("p"), mode == "0", mode == "off"]):
-        return "Permissive"
+        return "permissive"
    if any([mode.startswith("d")]):
-        return "Disabled"
+        return "disabled"
    return "unknown"


@ -111,7 +111,7 @@ def mode(name):

    oldmode, mode = mode, __salt__["selinux.setenforce"](tmode)
    if mode == tmode or (
-        tmode == "Disabled" and __salt__["selinux.getconfig"]() == tmode
+        tmode == "disabled" and __salt__["selinux.getconfig"]() == tmode
    ):
        ret["result"] = True
        ret["comment"] = "SELinux has been set to {} mode".format(tmode)
--- a/salt/utils/files.py
+++ b/salt/utils/files.py
@ -175,7 +175,7 @@ def copyfile(source, dest, backup_mode="", cachedir=""):
            policy = salt.modules.selinux.getenforce()
        except (ImportError, CommandExecutionError):
            pass
-        if policy == "Enforcing":
+        if policy == "enforcing":
            with fopen(os.devnull, "w") as dev_null:
                cmd = [rcon, dest]
                subprocess.call(cmd, stdout=dev_null, stderr=dev_null)