Only need to alter modesting which is written to SELinux config file

2025-04-17 10:10:20 +00:00 · 2023-05-31 14:01:39 -06:00 · 2023-05-31 14:01:39 -06:00 · d49dc61788
commit d49dc61788
parent f4a2f1f800
3 changed files with 21 additions and 23 deletions
--- a/salt/modules/selinux.py
+++ b/salt/modules/selinux.py
@ -88,16 +88,16 @@ def getenforce():
    """
    _selinux_fs_path = selinux_fs_path()
    if _selinux_fs_path is None:
-        return "disabled"
+        return "Disabled"
    try:
        enforce = os.path.join(_selinux_fs_path, "enforce")
        with salt.utils.files.fopen(enforce, "r") as _fp:
            if salt.utils.stringutils.to_unicode(_fp.readline()).strip() == "0":
-                return "permissive"
+                return "Permissive"
            else:
-                return "enforcing"
+                return "Enforcing"
    except (OSError, AttributeError):
-        return "disabled"
+        return "Disabled"


 def getconfig():
@ -153,7 +153,7 @@ def setenforce(mode):
        return "Invalid mode {}".format(mode)

    # enforce file does not exist if currently disabled.  Only for toggling enforcing/permissive
-    if getenforce() != "disabled":
+    if getenforce() != "Disabled":
        enforce = os.path.join(selinux_fs_path(), "enforce")
        try:
            with salt.utils.files.fopen(enforce, "w") as _fp:
--- a/salt/states/selinux.py
+++ b/salt/states/selinux.py
@ -40,11 +40,11 @@ def _refine_mode(mode):
    """
    mode = str(mode).lower()
    if any([mode.startswith("e"), mode == "1", mode == "on"]):
-        return "enforcing"
+        return "Enforcing"
    if any([mode.startswith("p"), mode == "0", mode == "off"]):
-        return "permissive"
+        return "Permissive"
    if any([mode.startswith("d")]):
-        return "disabled"
+        return "Disabled"
    return "unknown"


@ -111,7 +111,7 @@ def mode(name):

    oldmode, mode = mode, __salt__["selinux.setenforce"](tmode)
    if mode == tmode or (
-        tmode == "disabled" and __salt__["selinux.getconfig"]() == tmode
+        tmode == "Disabled" and __salt__["selinux.getconfig"]() == tmode
    ):
        ret["result"] = True
        ret["comment"] = "SELinux has been set to {} mode".format(tmode)
--- a/tests/pytests/unit/states/test_selinux.py
+++ b/tests/pytests/unit/states/test_selinux.py
@ -7,8 +7,6 @@ import pytest
 import salt.states.selinux as selinux
 from tests.support.mock import MagicMock, patch

-pytestmark = [pytest.mark.skip_unless_on_linux]
-

@pytest.fixture
 def configure_loader_modules():
@ -28,8 +26,8 @@ def test_mode():
    }
    assert selinux.mode("unknown") == ret

-    mock_en = MagicMock(return_value="enforcing")
-    mock_pr = MagicMock(side_effect=["permissive", "enforcing"])
+    mock_en = MagicMock(return_value="Enforcing")
+    mock_pr = MagicMock(side_effect=["Permissive", "Enforcing"])
    with patch.dict(
        selinux.__salt__,
        {
@ -38,33 +36,33 @@ def test_mode():
            "selinux.setenforce": mock_pr,
        },
    ):
-        comt = "SELinux is already in enforcing mode"
-        ret = {"name": "enforcing", "comment": comt, "result": True, "changes": {}}
+        comt = "SELinux is already in Enforcing mode"
+        ret = {"name": "Enforcing", "comment": comt, "result": True, "changes": {}}
        assert selinux.mode("Enforcing") == ret

        with patch.dict(selinux.__opts__, {"test": True}):
-            comt = "SELinux mode is set to be changed to permissive"
+            comt = "SELinux mode is set to be changed to Permissive"
            ret = {
-                "name": "permissive",
+                "name": "Permissive",
                "comment": comt,
                "result": None,
-                "changes": {"new": "permissive", "old": "enforcing"},
+                "changes": {"new": "Permissive", "old": "Enforcing"},
            }
            assert selinux.mode("Permissive") == ret

        with patch.dict(selinux.__opts__, {"test": False}):
-            comt = "SELinux has been set to permissive mode"
+            comt = "SELinux has been set to Permissive mode"
            ret = {
-                "name": "permissive",
+                "name": "Permissive",
                "comment": comt,
                "result": True,
-                "changes": {"new": "permissive", "old": "enforcing"},
+                "changes": {"new": "Permissive", "old": "Enforcing"},
            }
            assert selinux.mode("Permissive") == ret

-            comt = "Failed to set SELinux to permissive mode"
+            comt = "Failed to set SELinux to Permissive mode"
            ret.update(
-                {"name": "permissive", "comment": comt, "result": False, "changes": {}}
+                {"name": "Permissive", "comment": comt, "result": False, "changes": {}}
            )
            assert selinux.mode("Permissive") == ret