diff options
author | Thom May <thom@may.lt> | 2017-11-23 10:07:54 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-11-23 10:07:54 +0000 |
commit | 928e05f9ba841555f62b86ccee687bd3350d7518 (patch) | |
tree | 4ff96905f144a762c78de75943de3115f528b389 | |
parent | 9ee047f339b2e81d8b64a9c946da45c8e2d2dc30 (diff) | |
parent | 3d871edbffc973c7b481656bb694d837492a74b7 (diff) | |
download | chef-928e05f9ba841555f62b86ccee687bd3350d7518.tar.gz |
Merge pull request #6567 from deltamualpha/selinux-shellout-fix
Selinux shellout fix (#6346)
-rw-r--r-- | lib/chef/util/selinux.rb | 9 | ||||
-rw-r--r-- | spec/unit/util/selinux_spec.rb | 9 |
2 files changed, 8 insertions, 10 deletions
diff --git a/lib/chef/util/selinux.rb b/lib/chef/util/selinux.rb index 0ff76c6407..8b4c38754c 100644 --- a/lib/chef/util/selinux.rb +++ b/lib/chef/util/selinux.rb @@ -48,10 +48,11 @@ class Chef def restore_security_context(file_path, recursive = false) if restorecon_path - restorecon_command = recursive ? "#{restorecon_path} -R -r" : "#{restorecon_path} -R" - restorecon_command += " \"#{file_path}\"" - Chef::Log.debug("Restoring selinux security content with #{restorecon_command}") - shell_out!(restorecon_command) + restorecon_flags = [ "-R" ] + restorecon_flags << "-r" if recursive + restorecon_flags << file_path + Chef::Log.debug("Restoring selinux security content with #{restorecon_path}") + shell_out_compact!(restorecon_path, restorecon_flags) else Chef::Log.warn "Can not find 'restorecon' on the system. Skipping selinux security context restore." end diff --git a/spec/unit/util/selinux_spec.rb b/spec/unit/util/selinux_spec.rb index 751092bc9a..5081281cf4 100644 --- a/spec/unit/util/selinux_spec.rb +++ b/spec/unit/util/selinux_spec.rb @@ -124,24 +124,21 @@ describe Chef::Util::Selinux do end it "should call restorecon non-recursive by default" do - restorecon_command = "#{@restorecon_enabled_path} -R \"#{path}\"" - expect(@test_instance).to receive(:shell_out!).twice.with(restorecon_command) + expect(@test_instance).to receive(:shell_out_compact!).twice.with(@restorecon_enabled_path, [ "-R", path ]) @test_instance.restore_security_context(path) expect(File).not_to receive(:executable?) @test_instance.restore_security_context(path) end it "should call restorecon recursive when recursive is set" do - restorecon_command = "#{@restorecon_enabled_path} -R -r \"#{path}\"" - expect(@test_instance).to receive(:shell_out!).twice.with(restorecon_command) + expect(@test_instance).to receive(:shell_out_compact!).twice.with(@restorecon_enabled_path, [ "-R", "-r", path ]) @test_instance.restore_security_context(path, true) expect(File).not_to receive(:executable?) @test_instance.restore_security_context(path, true) end it "should call restorecon non-recursive when recursive is not set" do - restorecon_command = "#{@restorecon_enabled_path} -R \"#{path}\"" - expect(@test_instance).to receive(:shell_out!).twice.with(restorecon_command) + expect(@test_instance).to receive(:shell_out_compact!).twice.with(@restorecon_enabled_path, [ "-R", path ]) @test_instance.restore_security_context(path) expect(File).not_to receive(:executable?) @test_instance.restore_security_context(path) |