authorLamont Granquist <lamont@scriptkiddie.org>2020-07-24 16:02:26 -0700
committerLamont Granquist <lamont@scriptkiddie.org>2020-07-24 16:02:26 -0700
commitf4706e66d97bc3fc5056f539e241c81199ab382d (patch)
tree9452f70e81c658765f2f9cfe0c9ad53c0f284a73
parent7e057ccd6f3c317a7c1193a76964ab057e2df0b4 (diff)
downloadchef-lcg/selinux-debugging.tar.gz
selinux debugginglcg/selinux-debugging
Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
-rw-r--r--lib/chef/provider/file.rb1
-rw-r--r--lib/chef/util/selinux.rb7
2 files changed, 8 insertions, 0 deletions
diff --git a/lib/chef/provider/file.rb b/lib/chef/provider/file.rb
index 0de620bba1..f8853bc701 100644
--- a/lib/chef/provider/file.rb
+++ b/lib/chef/provider/file.rb
@@ -429,6 +429,7 @@ class Chef
def do_selinux(recursive = false)
if resource_updated? && Chef::Config[:enable_selinux_file_permission_fixup]
if selinux_enabled?
+ puts "SELINUX ENABLED"
converge_by("restore selinux security context") do
restore_security_context(::File.realpath(new_resource.path), recursive)
end
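Review bot: The added `puts "SELINUX ENABLED"` in `do_selinux` writes straight to stdout, so it bypasses Chef::Log levels and never reaches the configured log destination, while printing on every converge that updates a file on an SELinux host. If this diagnostic is meant to stay, route it through the logger the neighbouring code already uses, e.g. `Chef::Log.trace("selinux enabled, restoring security context for #{new_resource.path}")`. The same applies to the `puts` lines added in `lib/chef/util/selinux.rb`, both around the `restorecon` call and in `check_selinux_enabled?`. The body of `do_selinux` continues outside this hunk.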
diff --git a/lib/chef/util/selinux.rb b/lib/chef/util/selinux.rb
index 8016262b6f..a1f34c9aed 100644
--- a/lib/chef/util/selinux.rb
+++ b/lib/chef/util/selinux.rb
@@ -53,7 +53,9 @@ class Chef
restorecon_flags << file_path
Chef::Log.trace("Restoring selinux security content with #{restorecon_path}")
shell_out!(restorecon_path, restorecon_flags)
+ puts "RESTORECON RAN FINE WTF?"
else
+ puts "COULD NOT FIND RESTORECON!"
Chef::Log.warn "Can not find 'restorecon' on the system. Skipping selinux security context restore."
end
end
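Review bot: `puts "COULD NOT FIND RESTORECON!"` in the `else` branch repeats what the `Chef::Log.warn` on the very next line already reports, so it can simply be dropped. The success-path `puts` after `shell_out!` does not name the file that was relabelled, and the existing trace line above it logs only `restorecon_path`. A line such as `Chef::Log.trace("restorecon succeeded for #{file_path}")` would record which path had its security context restored, which is the detail worth having when auditing a labelling problem. As far as I can tell `shell_out!` raises on a failing exit status, so that line would only be reached on success. The enclosing method starts outside this hunk.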
@@ -72,16 +74,21 @@ class Chef
def check_selinux_enabled?
if selinuxenabled_path
+ puts "FOUND SELINUXENABLED PATH"
cmd = shell_out!(selinuxenabled_path, returns: [0, 1])
case cmd.exitstatus
when 1
+ puts "SELINUXENABLED PATH FALSE"
false
when 0
+ puts "SELINUXENABLED PATH TRUE"
true
else
+ puts "SELINUXENABLED PATH WTF"
raise "Unknown exit code from command #{selinuxenabled_path}: #{cmd.exitstatus}"
end
else
+ puts "NO SELINUXENABLED PATH"
# We assume selinux is not enabled if selinux utils are not
# installed.
false