SELINUXTYPE should not be changed

Without the `=`, SELINUXTYPE is also being matched in the /etc/sysconfig/selinux file is being removed. Also add `changes` to the result in the selinux state
2025-04-17 10:10:20 +00:00 · 2016-12-13 12:22:18 -06:00 · 2016-12-13 12:22:18 -06:00 · 96eabd4939
commit 96eabd4939
parent 7546760eb3
2 changed files with 6 additions and 2 deletions
--- a/salt/modules/selinux.py
+++ b/salt/modules/selinux.py
@ -134,7 +134,7 @@ def setenforce(mode):
            conf = _cf.read()
        try:
            with salt.utils.fopen(config, 'w') as _cf:
-                conf = re.sub(r"\nSELINUX.*\n", "\nSELINUX=" + modestring + "\n", conf)
+                conf = re.sub(r"\nSELINUX=.*\n", "\nSELINUX=" + modestring + "\n", conf)
                _cf.write(conf)
        except (IOError, OSError) as exc:
            msg = 'Could not write SELinux config file: {0}'
--- a/salt/states/selinux.py
+++ b/salt/states/selinux.py
@ -104,12 +104,16 @@ def mode(name):
        ret['comment'] = 'SELinux mode is set to be changed to {0}'.format(
                tmode)
        ret['result'] = None
+        ret['changes'] = {'old': mode,
+                          'new': tmode}
        return ret

-    mode = __salt__['selinux.setenforce'](tmode)
+    oldmode, mode = mode, __salt__['selinux.setenforce'](tmode)
    if mode == tmode:
        ret['result'] = True
        ret['comment'] = 'SELinux has been set to {0} mode'.format(tmode)
+        ret['changes'] = {'old': oldmode,
+                          'new': mode}
        return ret
    ret['comment'] = 'Failed to set SELinux to {0} mode'.format(tmode)
    return ret