From 2cb3d162c72d57adedf3eeb3d645bd1c5a6979d0 Mon Sep 17 00:00:00 2001 From: Mike Riddle Date: Mon, 23 Jan 2023 17:20:39 -0500 Subject: [PATCH] (#82) Added RHEL 9 Support Fixes #82 --- CHANGELOG | 3 +++ Gemfile | 1 + data/os/RedHat-9.yaml | 7 +++++ metadata.json | 2 +- spec/acceptance/nodesets/rhel.yml | 13 ++++++++++ .../suites/default/05_kernel_enforce_spec.rb | 26 ++++++++++++------- 6 files changed, 42 insertions(+), 10 deletions(-) create mode 100644 data/os/RedHat-9.yaml diff --git a/CHANGELOG b/CHANGELOG index f406825..ed0315b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,6 @@ +* Mon Jan 23 2023 Michael Riddle - 2.8.1 +- Added RHEL 9 support + * Fri Jun 03 2022 Chris Tessmer - 2.8.0 - Update from camptocamp/systemd to puppet/systemd diff --git a/Gemfile b/Gemfile index 73906ba..0de6e17 100644 --- a/Gemfile +++ b/Gemfile @@ -40,6 +40,7 @@ group :system_tests do gem 'beaker-rspec' gem 'simp-beaker-helpers', ENV['SIMP_BEAKER_HELPERS_VERSION'] || ['>= 1.28.0', '< 2'] gem 'bcrypt_pbkdf' + gem 'net-ssh', '< 7.0' if Gem::Requirement.create('< 2.6').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) end # Evaluate extra gemfiles if they exist diff --git a/data/os/RedHat-9.yaml b/data/os/RedHat-9.yaml new file mode 100644 index 0000000..175b172 --- /dev/null +++ b/data/os/RedHat-9.yaml @@ -0,0 +1,7 @@ +--- +# mcstrans package not a default package in redhat 9 +selinux::mcstrans_service_name: mcstransd + +selinux::manage_restorecond_package: false +selinux::manage_restorecond_service: false +selinux::restorecond_package_name: policycoreutils-restorecond diff --git a/metadata.json b/metadata.json index f4fb4c7..b6c2bf2 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "simp-selinux", - "version": "2.8.0", + "version": "2.8.1", "author": "SIMP Team", "summary": "manages the SELinux system state", "license": "Apache-2.0", diff --git a/spec/acceptance/nodesets/rhel.yml b/spec/acceptance/nodesets/rhel.yml index 2086256..65c12bb 100644 
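Review bot: The `net-ssh` pin added to the `:system_tests` group has no comment saying why it exists or when it can be removed, and an unexplained upper bound tends to outlive its reason and hold an SSH library on an old release. If the reason is that net-ssh 7 no longer supports Ruby older than 2.6 (an assumption, the patch does not say), a comment above the line such as `# net-ssh >= 7 needs Ruby >= 2.6; remove this pin once Ruby 2.5 is no longer tested` would record it. The group's `do` block begins above the hunk.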
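Review bot: The only comment in the new `data/os/RedHat-9.yaml` talks about the mcstrans package, but the key beneath it sets the service name, and the two `manage_restorecond_*: false` entries that actually change behaviour on EL 9 are left unexplained. Leaving restorecond unmanaged presumably means the module neither installs nor starts it on that release, which a reader auditing SELinux coverage per OS would want stated. Suggest a comment above those keys, e.g. `# restorecond is not managed by default on EL 9; set both manage_restorecond_* keys to true to opt in`, adjusted to the real reason.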
--- a/spec/acceptance/nodesets/rhel.yml +++ b/spec/acceptance/nodesets/rhel.yml @@ -1,5 +1,18 @@ --- HOSTS: + rhel9: + roles: + - server + - default + - master + platform: el-9-x86_64 + box: generic/rhel9 + hypervisor: <%= hypervisor %> + yum_repos: + epel: + mirrorlist: 'https://mirrors.fedoraproject.org/metalink?repo=epel-9&arch=$basearch' + gpgkeys: + - https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9 rhel8: roles: - server diff --git a/spec/acceptance/suites/default/05_kernel_enforce_spec.rb b/spec/acceptance/suites/default/05_kernel_enforce_spec.rb index 16d27f9..808d1cc 100644 --- a/spec/acceptance/suites/default/05_kernel_enforce_spec.rb +++ b/spec/acceptance/suites/default/05_kernel_enforce_spec.rb @@ -19,15 +19,23 @@ host.reboot - result = on(host, 'cat /proc/cmdline').output.strip - result = Hash[result.split(/\s+/).grep(/=/).map{|x| - # Some RHS entries can contain '=' - y = x.split('=') - [y[0], y[1..-1].join('=')] - }] - - expect(result['selinux']).to eq('1') - expect(result['enforcing']).to eq('1') + os_fact = fact_on(host, 'os') + # EL 9 machines don't appear to show selinux info on /proc/cmdline + # For those machines, check getenforce instead + if (os_fact['release']['major'].to_i > 8) + result = on(host, 'getenforce') + expect(result.stdout.strip).to eq('Enforcing') + else + result = on(host, 'cat /proc/cmdline').output.strip + result = Hash[result.split(/\s+/).grep(/=/).map{|x| + # Some RHS entries can contain '=' + y = x.split('=') + [y[0], y[1..-1].join('=')] + }] + + expect(result['selinux']).to eq('1') + expect(result['enforcing']).to eq('1') + end end it 'should be idempotent' do
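Review bot: `rhel9` is added with the `default` and `master` roles, and the diffstat shows 13 additions and no deletions for this file, so whatever roles `rhel8` already carried below the hunk are unchanged. If `rhel8` also lists `default` or `master`, the nodeset now has two hosts claiming them, and Beaker expects at most one default host; please confirm and move the roles rather than duplicate them. The `rhel8` entry continues outside the hunk, so this cannot be checked from here.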
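Review bot: On EL 9 the new branch asserts only that `getenforce` prints `Enforcing`, which is the runtime mode and can come from /etc/selinux/config alone, so this spec no longer shows that the kernel arguments were applied on that platform. If `selinux=1 enforcing=1` really is absent from /proc/cmdline after the reboot, that may mean the module is not setting the boot arguments on EL 9 rather than that the check is unsuitable, which is worth confirming before relaxing the test. One option is to also inspect the configured boot entry, for example `expect(on(host, 'grubby --info=DEFAULT').stdout).to match(/enforcing=1/)`. The condition `.to_i > 8` is also not limited to the RedHat family, and the enclosing `it` block starts above the hunk.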