(PUP-7126) Replace matchpathcon_fini with selinux_close

Selinux.matchpathcon_fini is deprecated and needs to be replaced with selinux_close. This commit updates the post_resource_eval method for the POSIX file provider to call selinux_close instead. Co-authored-by: William Bradford Clark <wclark@redhat.com>
puppetlabs · Jun 3, 2024 · 0c17a5a · 0c17a5a
1 parent 4dcd489
commit 0c17a5a
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 5 deletions.
diff --git a/lib/puppet/provider/file/posix.rb b/lib/puppet/provider/file/posix.rb
@@ -24,8 +24,8 @@ def pre_resource_eval
                         end
     end
 
-    def self.post_resource_eval
-      Selinux.matchpathcon_fini if Puppet::Util::SELinux.selinux_support?
+    def post_resource_eval
+      Selinux.selinux_close(@selinux_handle) if @selinux_handle
     end
   end
 

diff --git a/spec/unit/transaction_spec.rb b/spec/unit/transaction_spec.rb
@@ -758,14 +758,16 @@ def post_resource_eval
       transaction.evaluate
     end
 
-    it "should call Selinux.matchpathcon_fini in case Selinux is enabled ", :if => Puppet.features.posix? do
-      selinux = double('selinux', is_selinux_enabled: true, matchpathcon_fini: nil)
+    it "should call Selinux.selinux_close in case Selinux is enabled", :if => Puppet.features.posix? do
+      selinux = double('selinux', is_selinux_enabled: true, selinux_close: nil)
       stub_const('Selinux', selinux)
 
       resource = Puppet::Type.type(:file).new(:path => make_absolute("/tmp/foo"))
       transaction = transaction_with_resource(resource)
 
-      expect(Selinux).to receive(:matchpathcon_fini)
+      handle = double('selinux_handle')
+      allow(Selinux).to receive(:selabel_open).and_return(handle)
+      expect(Selinux).to receive(:selinux_close).with(handle)
       expect(Puppet::Util::SELinux).to receive(:selinux_support?).and_return(true)
 
       transaction.evaluate