author | David Ashby <delta.mu.alpha@gmail.com> | 2017-11-22 15:56:56 -0500 |
---|---|---|
committer | David Ashby <delta.mu.alpha@gmail.com> | 2017-11-22 15:56:56 -0500 |
commit | 3d871edbffc973c7b481656bb694d837492a74b7 (patch) | |
tree | cdf13f6258143559273708b142b260b04013587d | |
parent | 89bbdc8b5416e6e5c00b80edd74749a379f97a92 (diff) | |
download | chef-3d871edbffc973c7b481656bb694d837492a74b7.tar.gz |
fix argument to restorecon not being shell-escaped
Signed-off-by: David Ashby <delta.mu.alpha@gmail.com>
-rw-r--r-- | lib/chef/util/selinux.rb | 9 | ||||
-rw-r--r-- | spec/unit/util/selinux_spec.rb | 9 |
2 files changed, 8 insertions, 10 deletions
diff --git a/lib/chef/util/selinux.rb b/lib/chef/util/selinux.rb
index 0ff76c6407..8b4c38754c 100644
--- a/lib/chef/util/selinux.rb
+++ b/lib/chef/util/selinux.rb
@@ -48,10 +48,11 @@ class Chef
 def restore_security_context(file_path, recursive = false)
 if restorecon_path
- restorecon_command = recursive ? "#{restorecon_path} -R -r" : "#{restorecon_path} -R"
- restorecon_command += " \"#{file_path}\""
- Chef::Log.debug("Restoring selinux security content with #{restorecon_command}")
- shell_out!(restorecon_command)
+ restorecon_flags = [ "-R" ]
+ restorecon_flags << "-r" if recursive
+ restorecon_flags << file_path
+ Chef::Log.debug("Restoring selinux security content with #{restorecon_path}")
+ shell_out_compact!(restorecon_path, restorecon_flags)
 else
 Chef::Log.warn "Can not find 'restorecon' on the system. Skipping selinux security context restore."
 end
diff --git a/spec/unit/util/selinux_spec.rb b/spec/unit/util/selinux_spec.rb
index 751092bc9a..5081281cf4 100644
--- a/spec/unit/util/selinux_spec.rb
+++ b/spec/unit/util/selinux_spec.rb
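Review bot: In `restore_security_context` (lib/chef/util/selinux.rb), a `file_path` that begins with `-` is still read by restorecon as an option, because passing an argument array to `shell_out_compact!` removes shell interpretation but not the command's own option parsing. If restorecon's parser honours the conventional `--` terminator (worth confirming on the supported platforms), `restorecon_flags << "--" << file_path` closes that gap. Separately, the new debug line logs only `restorecon_path`, so the flags and the target path no longer appear in the log; `Chef::Log.debug("Restoring selinux security content with #{restorecon_path} #{restorecon_flags.join(' ')}")` keeps that record. The method's closing `end` is outside the hunk.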
@@ -124,24 +124,21 @@ describe Chef::Util::Selinux do
 end
 it "should call restorecon non-recursive by default" do
- restorecon_command = "#{@restorecon_enabled_path} -R \"#{path}\""
- expect(@test_instance).to receive(:shell_out!).twice.with(restorecon_command)
+ expect(@test_instance).to receive(:shell_out_compact!).twice.with(@restorecon_enabled_path, [ "-R", path ])
 @test_instance.restore_security_context(path)
 expect(File).not_to receive(:executable?)
 @test_instance.restore_security_context(path)
 end
 it "should call restorecon recursive when recursive is set" do
- restorecon_command = "#{@restorecon_enabled_path} -R -r \"#{path}\""
- expect(@test_instance).to receive(:shell_out!).twice.with(restorecon_command)
+ expect(@test_instance).to receive(:shell_out_compact!).twice.with(@restorecon_enabled_path, [ "-R", "-r", path ])
 @test_instance.restore_security_context(path, true)
 expect(File).not_to receive(:executable?)
 @test_instance.restore_security_context(path, true)
 end
 it "should call restorecon non-recursive when recursive is not set" do
- restorecon_command = "#{@restorecon_enabled_path} -R \"#{path}\""
- expect(@test_instance).to receive(:shell_out!).twice.with(restorecon_command)
+ expect(@test_instance).to receive(:shell_out_compact!).twice.with(@restorecon_enabled_path, [ "-R", path ])
 @test_instance.restore_security_context(path)
 expect(File).not_to receive(:executable?)
 @test_instance.restore_security_context(path) |