Avoid puppet errors when SELinux is disabled #295
Conversation
Updated selinux types to avoid runtime errors when SELinux is disabled. selinux::boolean, selinux::fcontext, and selinux::port will now essentially do nothing when SELinux is disabled.
|
@ekohl can you take another look and merge if there are no issues? |
| value => $value, | ||
| persistent => $persistent, | ||
| # Do nothing unless SELinux is enabled | ||
| if $facts['selinux'] { |
There was a problem hiding this comment.
Isn't the selinux fact a hash though (thus always true)?
selinux (map) — Represents information about Security-Enhanced Linux (SELinux).
config_mode (string) — The configured SELinux mode.
config_policy (string) — The configured SELinux policy.
current_mode (string) — The current SELinux mode.
enabled (boolean) — True if SELinux is enabled or false if not.
enforced (boolean) — True if SELinux policy is enforced or false if not.
policy_version (string) — The version of the SELinux policy.
There was a problem hiding this comment.
Sorry, my mistake. selinux is a boolean legacy fact. The new fact is os['selinux']
There was a problem hiding this comment.
Which you've already covered in great detail in this thread. I'll get my coat... :)
|
This needs to be done for |
|
Could you open a new issue/pr for that? Comments on a closed PR generally don't result in any code change. |
|
@jorhett It should be a simple fix to handle systems running in permissive mode. Can you create a new issue regarding this? This PR has already been merged. |
Avoid puppet errors when SELinux is disabled
Fixes #286. Puppet will no longer display a runtime error when applying a manifest on a node with selinux disabled. These changes essentially make the
selinux::boolean,selinux::fcontext, andselinux::porttypes do nothing when SELinux is disabled.