Debian Question posted in
The oficial documentation can be found here.

Debian – Looking for a neet way to enforce a state only if a minon has seLinux installed

I have code that installs a custom seLinux module. In my fleet of minions there’s Fedora based systems (with seLinux installed) and Debian based ones (without seLinux). On the latter the module/installing state should not be used and I am thus looking for a way of retrieving a neat answer to the question "is seLinux installed on this system?" (NOT "is seLinux enforcing on this system?") to use in a corresponding jinja2 if clause.

Attempts that have me despairing are:

  • there appears to be no state in salt querying whether a given binary is on the $PATH – checking for sestatus is what I was after here.
  • salt.states.selinux is not available on systems devoid of seLinux, so it’s functionality does not help.
  • I could not find any salt functionality to query for the local availability of something like salt.states.selinux (see above) either.
  • Something like 
    - unless: - rpm -q libselinux

    (from stackoverflow.com/a/31748984/2103880) also does not work, as rpm is Fedora specific…

  • Checking for absence of /etc/selinux also is not an option, as the Debian systems actually have that.

Any hint on how to go about this is appreciated.

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    Following this hint, I ended up doing:

    {% if salt['pkg.version']('libselinux') %}
...
{% endif %}

    Not what I would call neat and using somewhat convoluted logic, but it appears to do the trick.


  2. 0

    If selinux is installed, then a grain is available:

    {% if 'selinux' in grains %}

# states that only run if selinux is available

{% endif %}

    You can also use that grain for minion matching.

    In general, you can also check whether a module has been loaded:

    {% if 'selinux.getconfig' in salt %}

# states that only run if selinux is available

{% endif %}
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search