Some tweaks to SELinux behavior for Kubernetes.

inspec · Nov 6, 2017 · 8cd24d7 · 8cd24d7
1 parent e01cc09
commit 8cd24d7
Show file tree

Hide file tree

Showing 8 changed files with 32 additions and 8 deletions.
diff --git a/lib/train/extras/stat.rb b/lib/train/extras/stat.rb
@@ -45,7 +45,7 @@ def self.linux_stat(shell_escaped_path, backend, follow_symlink)
       tmask = fields[1].to_i(16)
       selinux = fields[8]
       ## selinux security context string not available on esxi
-      selinux = nil if selinux == '?' or selinux == '(null)' or selinux == 'C'
+      selinux = nil if selinux == '?' or selinux == '(null)' or selinux == 'C' or selinux == 'unlabeled'
       {
         type:  find_type(tmask),
         mode:  tmask & 07777,

diff --git a/test/integration/helper.rb b/test/integration/helper.rb
@@ -31,7 +31,7 @@ def root_group(os)
     end
 
     def selinux_label(backend, path = nil)
-      return nil if backend.class.to_s =~ /docker/i
+      return nil if backend.class.to_s =~ /docker|kubernetes/i
 
       os = backend.os
       labels = {}

diff --git a/test/integration/tests/path_block_device_test.rb b/test/integration/tests/path_block_device_test.rb
@@ -60,7 +60,11 @@
 
     it 'has selinux label handling' do
       res = Test.selinux_label(backend, file.path)
-      file.selinux_label.must_equal(res)
+      if res.nil?
+        file.selinux_label.must_be_nil
+      else
+        file.selinux_label.must_equal(res)
+      end
     end
 
     it 'has no product_version' do

diff --git a/test/integration/tests/path_character_device_test.rb b/test/integration/tests/path_character_device_test.rb
@@ -60,7 +60,11 @@
 
     it 'has selinux label handling' do
       res = Test.selinux_label(backend, file.path)
-      file.selinux_label.must_equal(res)
+      if res.nil?
+        file.selinux_label.must_be_nil
+      else
+        file.selinux_label.must_equal(res)
+      end
     end
 
     it 'has no product_version' do

diff --git a/test/integration/tests/path_file_test.rb b/test/integration/tests/path_file_test.rb
@@ -65,7 +65,11 @@
 
     it 'has selinux label handling' do
       res = Test.selinux_label(backend, file.path)
-      file.selinux_label.must_equal(res)
+      if res.nil?
+        file.selinux_label.must_be_nil
+      else
+        file.selinux_label.must_equal(res)
+      end
     end
 
     it 'has no product_version' do

diff --git a/test/integration/tests/path_folder_test.rb b/test/integration/tests/path_folder_test.rb
@@ -72,7 +72,11 @@
 
     it 'has selinux label handling' do
       res = Test.selinux_label(backend, file.path)
-      file.selinux_label.must_equal(res)
+      if res.nil?
+        file.selinux_label.must_be_nil
+      else
+        file.selinux_label.must_equal(res)
+      end
     end
 
     it 'has no product_version' do

diff --git a/test/integration/tests/path_pipe_test.rb b/test/integration/tests/path_pipe_test.rb
@@ -63,7 +63,11 @@
 
     it 'has selinux label handling' do
       res = Test.selinux_label(backend, file.path)
-      file.selinux_label.must_equal(res)
+      if res.nil?
+        file.selinux_label.must_be_nil
+      else
+        file.selinux_label.must_equal(res)
+      end
     end
 
     it 'has no product_version' do

diff --git a/test/integration/tests/path_symlink_test.rb b/test/integration/tests/path_symlink_test.rb
@@ -81,7 +81,11 @@
 
     it 'has selinux label handling' do
       res = Test.selinux_label(backend, file.path)
-      file.selinux_label.must_equal(res)
+      if res.nil?
+        file.selinux_label.must_be_nil
+      else
+        file.selinux_label.must_equal(res)
+      end
     end
 
     it 'has no product_version' do