author | sersut <serdar@opscode.com> | 2013-05-16 18:09:24 -0700 |
---|---|---|
committer | sersut <serdar@opscode.com> | 2013-05-16 18:09:24 -0700 |
commit | d5b8b1b87024fcf3a842e722474ac5f47b84183d (patch) | |
tree | 71431c41794abcde3297119088150923641b82e7 | |
parent | 63dcbedc9999de20d5eb909f5a063b77655200ee (diff) | |
download | chef-d5b8b1b87024fcf3a842e722474ac5f47b84183d.tar.gz |
Cache system's selinux state to minimize the impact. Tidy debug logs.
-rw-r--r-- | lib/chef/provider/file.rb | 15 | ||||
-rw-r--r-- | lib/chef/util/selinux.rb | 56 |
2 files changed, 33 insertions, 38 deletions
diff --git a/lib/chef/provider/file.rb b/lib/chef/provider/file.rb
index ef535ce86c..809f6ab425 100644
--- a/lib/chef/provider/file.rb
+++ b/lib/chef/provider/file.rb
@@ -252,18 +252,13 @@ class Chef
 # resources, but for now we only have the single selinux use
 # case.
 def do_selinux(recursive = false)
- selinux_util = Chef::Util::Selinux.new
- if resource_updated?
- if Chef::Config[:enable_selinux_file_permission_fixup]
- if selinux_util.selinux_enabled?
- converge_by("restore selinux security context") do
- selinux_util.restore_security_context(@new_resource_path, recursive)
- end
- else
- Chef::Log.debug "selinux utilities can not be found. Skipping selinux permission fixup."
+ if resource_updated? && Chef::Config[:enable_selinux_file_permission_fixup]
+ if Chef::Util::Selinux.selinux_enabled?
+ converge_by("restore selinux security context") do
+ Chef::Util::Selinux.restore_security_context(@new_resource_path, recursive)
 end
 else
- Chef::Log.debug "selinux_file_permission_fixup is disabled. Skipping selinux permission fixup."
+ Chef::Log.debug "selinux utilities can not be found. Skipping selinux permission fixup."
 end
 end
 end
diff --git a/lib/chef/util/selinux.rb b/lib/chef/util/selinux.rb
index bc0942ed82..cb7e55ef20 100644
--- a/lib/chef/util/selinux.rb
+++ b/lib/chef/util/selinux.rb 
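Review bot: The one debug line left in `do_selinux` (lib/chef/provider/file.rb) says the selinux utilities can not be found, but the `else` branch it sits in runs whenever `Chef::Util::Selinux.selinux_enabled?` is false, which also covers a host where the utilities are installed and SELinux is switched off. Someone reading the log to find out why a file kept its old security context would be pointed at the wrong cause. A message that names both cases would do, for example `Chef::Log.debug "selinux is disabled or its utilities can not be found. Skipping selinux permission fixup."`. The enclosing class starts and ends outside the hunk.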
@@ -33,27 +33,13 @@ class Chef
 include Chef::Mixin::ShellOut
- def selinux_enabled?
- if selinuxenabled_path
- cmd = shell_out(selinuxenabled_path)
- case cmd.exitstatus
- when 1
- return false
- when 0
- return true
- else
- raise RuntimeError, "Unknown exit code from command #{selinuxenabled_path}: #{cmd.exitstatus}"
- end
- else
- # We assume selinux is not enabled if selinux utils are not
- # installed.
- return false
- end
+ def self.selinux_enabled?
+ @@selinux_enabled
 end
- def restore_security_context(file_path, recursive = false)
- if restorecon_path
- restorecon_command = recursive ? "#{restorecon_path} -R -r" : "#{restorecon_path} -R"
+ def self.restore_security_context(file_path, recursive = false)
+ if @@restorecon_path
+ restorecon_command = recursive ? "#{@@restorecon_path} -R -r" : "#{@@restorecon_path} -R"
 restorecon_command += " #{file_path}"
 Chef::Log.debug("Restoring selinux security content with #{restorecon_command}")
 shell_out!(restorecon_command)
@@ -64,15 +50,7 @@ class Chef
 private
- def selinuxenabled_path
- @selinuxenabled_path ||= which("selinuxenabled")
- end
-
- def restorecon_path
- @restorecon_path ||= which("restorecon")
- end
-
- def which(cmd)
+ def self.which(cmd)
 paths = ENV['PATH'].split(File::PATH_SEPARATOR) + [ '/bin', '/usr/bin', '/sbin', '/usr/sbin' ]
 paths.each do |path|
 filename = File.join(path, cmd)
@@ -80,6 +58,28 @@ class Chef
 end
 false
 end
+
+ def self.check_selinux_enabled?
+ if @@selinuxenabled_path
+ cmd = shell_out(@@selinuxenabled_path)
+ case cmd.exitstatus
+ when 1
+ return false
+ when 0
+ return true
+ else
+ raise RuntimeError, "Unknown exit code from command #{@@selinuxenabled_path}: #{cmd.exitstatus}"
+ end
+ else
+ # We assume selinux is not enabled if selinux utils are not
+ # installed.
+ return false
+ end
+ end
+
+ @@restorecon_path ||= self.which("restorecon")
+ @@selinuxenabled_path ||= self.which("selinuxenabled")
+ @@selinux_enabled ||= self.check_selinux_enabled?
 end
 end
 end |
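Review bot: `self.restore_security_context` is now a class method but still calls `shell_out!`, which the `include Chef::Mixin::ShellOut` line kept as context provides to instances only; unless the mixin is also extended somewhere outside this hunk, the call raises NoMethodError, and the same holds for `shell_out` in `self.check_selinux_enabled?` in the last hunk. Adding `extend Chef::Mixin::ShellOut` next to the include would likely cover both. Separately, the command is still assembled as one string with `file_path` interpolated unquoted, so a path containing spaces or shell metacharacters does not reach restorecon as a single argument; `restorecon_command += " #{Shellwords.escape(file_path)}"` (with `require 'shellwords'`) would keep it one argument. The method's closing lines are outside the hunk.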
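Review bot: `def self.which` still sits under the bare `private` kept as context, but `private` only affects instance methods, so `which` (and `check_selinux_enabled?`, added in the next hunk) end up as public class methods. If they are meant to stay internal, add `private_class_method :which, :check_selinux_enabled?` after their definitions. The body of `which` continues outside the hunk.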
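Review bot: The three `@@... ||=` assignments at the bottom of the class body run when lib/chef/util/selinux.rb is loaded, so the PATH search and the `selinuxenabled` call happen wherever the file is required, regardless of `Chef::Config[:enable_selinux_file_permission_fixup]`, and the `raise RuntimeError` branch would surface as a failure while loading the file rather than during a resource's converge. The cached values are also never refreshed, so utilities installed or an SELinux state changed later in the same run are not noticed and the context fixup keeps being skipped. Computing the value on first use keeps the caching without the load-time side effect, e.g. `@@selinux_enabled = check_selinux_enabled? if @@selinux_enabled.nil?` inside `self.selinux_enabled?`, with `@@selinux_enabled = nil` in the class body. A short comment above the cache stating that the state is sampled once per process would also help.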