Puppet: System Administration Automated

Ticket #1155 (reopened enhancement)

Opened 7 months ago

Last modified 5 months ago

PATCH: SELinux enhancements.

Reported by: wakko666
Assigned to: community
Priority: normal
Milestone:
Component: newfeature
Version:
Severity: normal
Keywords: SELinux
Cc:
Triage Stage: Accepted
Attached Patches: Insufficient
Complexity: Unknown

Description

I'd like to get the SELinux enhancements located in this git repo upstreamed. As SELinux becomes more ubiquitous, having support for managing it makes server administration significantly easier.

This set of patches, plus some explanation, is located here: http://spook.wpi.edu/

You can check out the full repository here: git clone http://spook.wpi.edu/git/projects/puppet/.git

Attachments

puppet-selinux.diff (11.7 kB) - added by fs on 04/02/08 13:55:06.
puppet_selinux_tests.diff (1.4 kB) - added by wakko666 on 05/08/08 22:47:29.
test cases for the selinux patch (v1)

Change History

03/24/08 21:49:55 changed by wakko666

  • type changed from defect to enhancement.

04/02/08 13:55:06 changed by fs

  • attachment puppet-selinux.diff added.

04/02/08 13:55:36 changed by fs

For convenience, here's a copy of the current version of the patch.

04/03/08 10:26:07 changed by jamtur01

  • owner changed from community to luke.
  • stage changed from Unreviewed to Needs design decision.

Up to you Luke...

04/03/08 18:42:11 changed by luke

I can't accept this patch until the types and providers have tests. You should be able to follow the examples of recent rspec tests to create the tests you need.

Even then, I'd lean towards this being a separate module, but there's no great way to share them right now.

04/24/08 08:13:47 changed by luke

  • component changed from library to unknown.

04/28/08 16:33:21 changed by jamtur01

  • owner changed from luke to community.
  • component changed from unknown to newfeature.

05/08/08 22:47:29 changed by wakko666

  • attachment puppet_selinux_tests.diff added.

test cases for the selinux patch (v1)

05/08/08 22:48:42 changed by wakko666

I've added a first attempt at some tests. I'd appreciate any additional feedback on how to improve the tests.

05/13/08 00:19:41 changed by luke

  • status changed from new to closed.
  • resolution set to wontfix.

Ok, I added these patches to the 'selinux_patches' branch in my personal repo on github. This is what I got when I ran the test:

Loaded suite ./other/selinux
Started
..E
Finished in 0.415804 seconds.

  1) Error:
test_semodule(TestSELinux):
Puppet::DevError: Could not find a default provider for selmodule
    /Users/luke/git/puppet/lib/puppet/metatype/providers.rb:39:in `defaultprovider'
    /Users/luke/git/puppet/lib/puppet/metatype/providers.rb:182:in `default'
    /Users/luke/git/puppet/lib/puppet/metatype/attributes.rb:631:in `setdefaults'
    /Users/luke/git/puppet/lib/puppet/metatype/attributes.rb:120:in `eachattr'
    /Users/luke/git/puppet/lib/puppet/metatype/attributes.rb:115:in `each'
    /Users/luke/git/puppet/lib/puppet/metatype/attributes.rb:115:in `eachattr'
    /Users/luke/git/puppet/lib/puppet/metatype/attributes.rb:621:in `setdefaults'
    /Users/luke/git/puppet/lib/puppet/type.rb:247:in `initialize'
    /Users/luke/git/puppet/lib/puppet/metatype/instances.rb:151:in `new'
    /Users/luke/git/puppet/lib/puppet/metatype/instances.rb:151:in `create'
    ./other/selinux.rb:56:in `test_semodule'
    /Users/luke/git/puppet/lib/../vendor/gems/mocha-0.5.6/lib/mocha/test_case_adapter.rb:19:in `__send__'
    /Users/luke/git/puppet/lib/../vendor/gems/mocha-0.5.6/lib/mocha/test_case_adapter.rb:19:in `run'

3 tests, 6 assertions, 0 failures, 1 errors

Really, though, I think this makes more sense as a publicly available module; you can always monkey-patch the 'file' type, even though that's a touch ugly.

This is going to be used so rarely by the whole community it doesn't make sense to add to core, and there's no way I can add it with this few tests.

05/13/08 00:37:40 changed by luke

  • status changed from closed to reopened.
  • resolution deleted.

Looks like Wakko666 is going to add tests.

05/14/08 23:46:12 changed by lutter

I disagree that it will rarely be used - I have a request from the Fedora Infrastructure guys to carry this patch in the RPMs until they are merged upstream. I'd feel much more comfortable if it is merged, though ;)

Good SELinux support is pretty important on any Fedora/RHEL/CentOS distribution.

05/15/08 18:03:15 changed by luke

  • stage changed from Needs design decision to Accepted.
  • patch changed from None to Insufficient.

Okay, given that lutter has said that this patch is a good idea to add to core, I've looked into it more deeply.

There are a couple of problems:

  • The only test you've provided is in test/unit, rather than rspec. See Writing Tests for help on how to write rspec tests.
  • You still don't have complete tests. I'd like to see tests for every class you've provided. See any recent development in the master branch for examples, or the recent development in the Facter master branch.
  • All of your tests must pass even when there are no selinux binaries available. The reason that test is failing for me is I'm running it on an OS X box.

In terms of making all of the tests pass, you should be able to stub the provider as suitable. See the recently-committed tests for the ldap providers.

Also, it would be much easier to review your code if you pushed it to a public git repo. You can just fork the 'selinux_patches' branch in my Puppet github repo.
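
The stubbing approach asked for in the comment above, as an added plain-Ruby sketch that is not part of the ticket or of Puppet's code: every class, method and helper name here is hypothetical, and the `semodule -l` listing is constructed sample data. It shows why provider lookup fails on a host without the SELinux tools and how stubbing suitability and command execution lets the same test pass there.

```ruby
# Added illustration in plain Ruby; NOT Puppet's API. All names are hypothetical.
class NoSuitableProvider < StandardError; end

# Hypothetical provider wrapping the semodule binary.
class SemoduleProvider
  COMMAND = "semodule"

  # Suitable only when the binary is on PATH (false on an OS X box, for example).
  def self.suitable?
    ENV.fetch("PATH", "").split(File::PATH_SEPARATOR).any? do |dir|
      File.executable?(File.join(dir, COMMAND))
    end
  end

  # Runs the real command; tests replace this so nothing is executed.
  def self.run(*args)
    IO.popen([COMMAND, *args], &:read)
  end

  # Names of loaded policy modules, parsed from `semodule -l` output.
  def self.loaded_modules
    run("-l").each_line.map { |line| line.split.first }.compact
  end
end

# Models the lookup that failed in the ticket: pick the first suitable provider.
def default_provider(providers)
  providers.find(&:suitable?) ||
    raise(NoSuitableProvider, "Could not find a default provider for selmodule")
end

# Test helper: temporarily stub class methods, then restore the originals.
def with_stubs(klass, stubs)
  originals = stubs.keys.to_h { |name| [name, klass.method(name)] }
  stubs.each { |name, impl| klass.define_singleton_method(name, &impl) }
  yield
ensure
  originals.each { |name, meth| klass.define_singleton_method(name, meth) }
end

# Constructed sample of `semodule -l` output (module name, version).
SAMPLE_LISTING = "apache\t2.0.1\nmysql\t1.11.3\n"

# Passes on any OS: suitability and the command itself are both stubbed.
def modules_without_selinux
  with_stubs(SemoduleProvider,
             :suitable? => -> { true },
             :run => ->(*_args) { SAMPLE_LISTING }) do
    default_provider([SemoduleProvider]).loaded_modules
  end
end
```
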

05/19/08 21:14:09 changed by wakko666

There are new rspec tests in the git repo at http://spook.wpi.edu/git/projects/puppet/.git

Currently the tests are for the new types. I'm still working on tests for the providers.