saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-17 10:10:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

fixes #66252 correct use of egrep to parse semanage output

Browse source
This commit is contained in:
Nick Porter 2024-03-21 13:45:12 +00:00 committed by Daniel Wozniak
parent 6e4f178ba2
commit 983cfe75e3
3 changed files with 34 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
changelog/66252.fixed.md Normal file
View file

@ -0,0 +1 @@
Applying `selinux.fcontext_policy_present` to a shorter path than an existing entry now works

2
salt/modules/selinux.py
View file

@ -616,7 +616,7 @@ def _fcontext_add_or_delete_policy(
if "add" == action: if "add" == action:
# need to use --modify if context for name file exists, otherwise ValueError # need to use --modify if context for name file exists, otherwise ValueError
filespec = re.escape(name) filespec = re.escape(name)
cmd = f"semanage fcontext -l | egrep '{filespec}'" cmd = f"semanage fcontext -l | egrep '{filespec} '"
current_entry_text = __salt__["cmd.shell"](cmd, ignore_retcode=True) current_entry_text = __salt__["cmd.shell"](cmd, ignore_retcode=True)
if current_entry_text != "": if current_entry_text != "":
action = "modify" action = "modify"

32
tests/pytests/unit/modules/test_selinux.py
View file

@ -410,3 +410,35 @@ def test_selinux_add_policy_regex(name, sel_type):
mock_cmd_run_all.assert_called_once_with( mock_cmd_run_all.assert_called_once_with(
expected_cmd_run_all, expected_cmd_run_all,
) )
@pytest.mark.parametrize(
"name,sel_type",
(
("/usr/share/munin/plugins/mysql_queries", "services_munin_plugin_exec_t"),
("/usr/share/munin/plugins/mysql_", "unconfined_munin_plugin_exec_t"),
),
)
def test_selinux_add_policy_shorter_path(name, sel_type):
"""
Test adding policy with a shorter path than an existing entry
"""
mock_cmd_shell = MagicMock(return_value={"retcode": 0})
mock_cmd_run_all = MagicMock(return_value={"retcode": 0})
with patch.dict(selinux.__salt__, {"cmd.shell": mock_cmd_shell}), patch.dict(
selinux.__salt__, {"cmd.run_all": mock_cmd_run_all}
):
selinux.fcontext_add_policy(name, sel_type=sel_type)
filespec = re.escape(name)
expected_cmd_shell = f"semanage fcontext -l | egrep '{filespec}'"
mock_cmd_shell.assert_called_once_with(
expected_cmd_shell,
ignore_retcode=True,
)
expected_cmd_run_all = (
f"semanage fcontext --modify --type {sel_type} {filespec}"
)
mock_cmd_run_all.assert_called_once_with(
expected_cmd_run_all,
)