This updates set_owner_if_different() and set_group_if_different()
to not implicitly recurse when setting ownership (whether user or
group). It drops the os.system() call and replaces it with os.chown().
Resolves issue #825.
The recursion should be explicit. A recurse=yes|no option should be
added to the file module.
The ohai and facter modules use /usr/bin/logger to log the fact that
they have been invoked. I added 'import os' to the ping module
so that it could have the same syslog statements as the other modules.
I separated the condensed:
shlex.split(open(argfile, 'r').read())
into two separate statements similar to the other modules.
This removes the 'context' option and replaces it with checks for
'_default' value for seuser, serole, setype, or (maybe) selevel.
If '_default' is provided *and* there is a default context for the given
file, this will set the file context to the available default.
This adds selinux_mls_enabled() and selinux_enabled() to detect a)
whether selinux is MLS aware (ie supports selevel) and b) whether
selinux is enabled. If selinux is not enabled, all selinux operations
are punted on -- same as if python's selinux module were not available.
In set_context_if_different(), I now iterate over the current context
instead of the context argument. Even if the system supports MLS, it
may not return the selevel from selinux.lgetfilecon(). Lastly, this
drops selinux_has_selevel() in lieu of the current approach.
Older versions of selinux, such as that deployed on rhel5, only return a
context of user:role:type instead of user:role:type:level. This detects
whether the tuple has three elements (old-style) or four. If the
old-style, it keeps the secontext list at three elements.
This adjusts behavior of file module such that removal of se* option
does not revert the file's selinux context to the default. In order to
go back to the default context according to the policy, you can use the
context=default option.
This adds the options: seuser, serole, setype, and serange to the file
module. If the python selinux module doesn't exist, this will set
HAVE_SELINUX to False and punt in the related modules.
This takes the options the user provides and applies those to the
default selinux context as provided from matchpathcon(). If there is no
default context, this uses the value from the current context. This
implies that if you set the setype and later remove it, the file module
will rever the setype to the default if available.
