The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com
https://tickets.puppetlabs.com. See the following page for information on filing tickets with JIRA:
selboolean reports error if selinux is not enabled
|Status:||Code Insufficient||Start date:||08/17/2011|
|Assignee:||Sean Millichamp||% Done:|
|Affected Puppet version:||Branch:|
If an selboolean is defined for a class, but is executing on a host that does not have SELinux enabled, an error is reported. e.g.:
Execution of ‘/usr/sbin/getsebool httpd_can_network_connect’ returned 1: /usr/sbin/getsebool: SELinux is disabled
It should not be considered a failure, but perhaps a warning if you try to set/get an SELinux boolean on a host that does not have selinux enabled.
Before setting/getting the boolean, a quick call to getenforce could be made, and a warning issued if it returns “Disabled”.
#2 Updated by Sean Millichamp over 4 years ago
I’ve looked at this and I agree that the selboolean type ought to do nothing if SELinux is disabled. A workaround is to check the facter “selinux” variable to see if it is true or false and conditional it appropriately in the Puppet manifest.
I have a modified selboolean type that seems to properly detect and ignore a disabled SELinux, but it needs some polishing and likely a unit test.
#6 Updated by Sean Millichamp over 4 years ago
I have pushed what I have to https://github.com/seanmil/puppet/tree/selinux/bug/9054_selboolean_fix
I took a stab at putting some tests together for it, but my RSpec-fu is too weak for the amount of time I have/had available.
I have a feeling that the selboolean type could be rewritten a lot cleaner, but for now I think the fixes in the above branch should address the reported issue. It has been a number of months since I originally hacked on it, but I did some limited testing on systems with SELinux installed but disabled and it seemed to address the issue. If the original reporters want to give the fix a spin that would be great.