pyinfra icon indicating copy to clipboard operation
pyinfra copied to clipboard

Published 20 hours ago verified publisher icon pyinfra-dev

expanded SELinux support

Open morrison12 opened this issue 2 years ago • 1 comments

This is a first attempt at expanding SELinux support in PyInfra, specifically facts and operations for each of:

  1. Booleans
  2. Port labelling
  3. File Contexts
  4. File Context Mappings

There are a few things I'm not sure I like yet:

  1. There are two versions (SEPort and SEPortB) of a fact to get the SELinux ’type' for a port:
  • the former transfers a lot of lines (~500 on a vanilla Fedora 36 installation) and has to sort through it to build the port -> SELinux ’type mapping
  • the latter transfers only a few lines but requires policycoreutils-dev to be installed which seems unlikely and I think the former (SEPort) is probably the right answer and SEPortB should be removed but have provided both in case there are other considerations.

  1. The name “file context mapping” for the information managed by semanage fcontext seems rather verbose. Any suggestions would be useful.

  2. I'm in a battle with flake8 on quotes (see #870)

Note I’ve deliberately left the support for user, role and range by selinux.filecontext to someone else as I don’t have a way to test them.

Comments/Corrections/Suggestions/etc welcome

morrison12 avatar Aug 10 '22 17:08 morrison12

Codecov Report

Merging #871 (a81c2f1) into 2.x (3c3f444) will increase coverage by 0.27%. The diff coverage is 100.00%.

@@            Coverage Diff             @@
##              2.x     #871      +/-   ##
==========================================
+ Coverage   91.66%   91.94%   +0.27%     
==========================================
  Files         122      123       +1     
  Lines        7584     7709     +125     
==========================================
+ Hits         6952     7088     +136     
+ Misses        632      621      -11
Impacted Files Coverage Δ
pyinfra/facts/selinux.py 100.00% <100.00%> (+57.89%) :arrow_up:
pyinfra/operations/selinux.py 100.00% <100.00%> (ø)
pyinfra/facts/files.py 100.00% <0.00%> (ø)
pyinfra/operations/files.py 98.64% <0.00%> (+0.04%) :arrow_up:

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

codecov[bot] avatar Sep 04 '22 18:09 codecov[bot]