Allow override built-in fcontext #119
Comments
ywei2017
added
the
Feature Request
|
A PR will help to better understand the issue and the fix. |
|
@Stromweld I will submit a PR in the next day or 2. Thanks. |
…types Signed-off-by: Yansheng Wei <[email protected]>
|
@Stromweld , please take a look at PR #120. If the approach makes sense, I will update the test cases and the rest for the PR. Thanks |
|
That looks good to me. I'm not very versed in selinux though. I think it'll help to add the test cases for each scenario as well as to make sure future regression isn't introduced. Would you also be able to open PR for the same thing here https://github.com/chef/chef/blob/main/lib/chef/resource/selinux_fcontext.rb. This resource was based on this cookbooks resource. It'll help chef-client as well as cinc-client since it's based on chef-client. |
|
@Stromweld Will do. Let me do it in 2 steps.
Thanks for the quick feedback. |
…types Signed-off-by: Yansheng Wei <[email protected]>
…types Signed-off-by: Yansheng Wei <[email protected]>
* [issue #119] Update fcontext to allow override of built-in types --------- Signed-off-by: Yansheng Wei <[email protected]>
🙍 Problem Statement
The selinux_fcontext::manage/modify does not allow override of built-in contexts.
:addaction would skip ifsemanage fcontext -lreturns an entry, and:modifywould fail if there is no such entry in the.localspec file. Hence there is no way to override a built-in context.❔ Possible Solution
The most straightforward solution is to check whether the type matches at the conditional statement. Instead of checking "if fcontext is already registered", it should check "if the desired fcontext is already registered". So the conditional check will the same as the
:modifyaction.One possibility is to clone and hack it, but that defeats the purpose of a re-usable cookbook.
➕ Additional context
I can submit a PR if the proposed solution is acceptable.
The text was updated successfully, but these errors were encountered: