module Chef::SELinux::CommonHelpers

Public Instance Methods

selinux_activate_required?() click to toggle source
# File lib/chef/resource/selinux/common_helpers.rb, line 40
def selinux_activate_required?
  return false unless platform_family?("debian")

  !TargetIO::File.read("/etc/default/grub").match?("security=selinux")
end
selinux_disabled?() click to toggle source
# File lib/chef/resource/selinux/common_helpers.rb, line 17
def selinux_disabled?
  selinux_state.eql?(:disabled)
end
selinux_enforcing?() click to toggle source
# File lib/chef/resource/selinux/common_helpers.rb, line 21
def selinux_enforcing?
  selinux_state.eql?(:enforcing)
end
selinux_permissive?() click to toggle source
# File lib/chef/resource/selinux/common_helpers.rb, line 25
def selinux_permissive?
  selinux_state.eql?(:permissive)
end
selinux_state() click to toggle source
# File lib/chef/resource/selinux/common_helpers.rb, line 33
def selinux_state
  state = shell_out!("getenforce").stdout.strip.downcase.to_sym
  raise "Got unknown SELinux state #{state}" unless %i{disabled enforcing permissive}.include?(state)

  state
end
state_change_reboot_required?() click to toggle source
# File lib/chef/resource/selinux/common_helpers.rb, line 29
def state_change_reboot_required?
  (selinux_disabled? && %i{enforcing permissive}.include?(action)) || ((selinux_enforcing? || selinux_permissive?) && action == :disabled)
end