diff --git a/lib/puppet/provider/file/posix.rb b/lib/puppet/provider/file/posix.rb
index 3bbe769baf9..24afe16ca10 100644
--- a/lib/puppet/provider/file/posix.rb
+++ b/lib/puppet/provider/file/posix.rb
@@ -8,6 +8,11 @@ include Puppet::Util::Warnings
 require 'etc'
+ require 'puppet/util/selinux'
+
+ def self.post_resource_eval
+ Selinux.matchpathcon_fini if Puppet::Util::SELinux.selinux_support?
+ end
 def uid2name(id)
 return id.to_s if id.is_a?(Symbol) or id.is_a?(String)
diff --git a/lib/puppet/util/selinux.rb b/lib/puppet/util/selinux.rb
index 710dcec6498..56b7fe53e07 100644
--- a/lib/puppet/util/selinux.rb
+++ b/lib/puppet/util/selinux.rb
@@ -13,7 +13,7 @@ module Puppet::Util::SELinux
- def selinux_support?
+ def self.selinux_support?
 return false unless defined?(Selinux)
 if Selinux.is_selinux_enabled == 1
 return true
@@ -21,6 +21,10 @@ def selinux_support?
 false
 end
+ def selinux_support?
+ Puppet::Util::SELinux.selinux_support?
+ end
+
 # Retrieve and return the full context of the file. If we don't have
 # SELinux support or if the SELinux call fails then return nil.
 def get_selinux_current_context(file)
diff --git a/spec/unit/transaction_spec.rb b/spec/unit/transaction_spec.rb
index c0d3f178405..09700c2e370 100644
--- a/spec/unit/transaction_spec.rb
+++ b/spec/unit/transaction_spec.rb
@@ -778,6 +778,24 @@ def post_resource_eval
 transaction.evaluate
 end
+
+ it "should call Selinux.matchpathcon_fini in case Selinux is enabled ", :if => Puppet.features.posix? do
+ unless defined?(Selinux)
+ module Selinux
+ def self.is_selinux_enabled
+ true
+ end
+ end
+ end
+
+ resource = Puppet::Type.type(:file).new(:path => make_absolute("/tmp/foo"))
+ transaction = transaction_with_resource(resource)
+
+ expect(Selinux).to receive(:matchpathcon_fini)
+ expect(Puppet::Util::SELinux).to receive(:selinux_support?).and_return(true)
+
+ transaction.evaluate
+ end
 end
 describe 'when checking application run state' do
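Review bot: In lib/puppet/provider/file/posix.rb, the new `self.post_resource_eval` calls `Selinux.matchpathcon_fini` with no comment saying why and no check that the loaded bindings expose that call. `selinux_support?` only establishes that the `Selinux` constant is defined and reports enabled, so bindings without the method would raise NoMethodError from this cleanup hook; how the transaction handles that is not visible here. I would guard the call with `Selinux.matchpathcon_fini if Puppet::Util::SELinux.selinux_support? && Selinux.respond_to?(:matchpathcon_fini)`. I would also add a line above the method such as `# Free the matchpathcon state libselinux keeps after the file resources have been evaluated.`, since this provider applies security labels and the reason for resetting that state should be on record.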
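Review bot: In lib/puppet/util/selinux.rb, neither the module-level `self.selinux_support?` (first hunk) nor the instance-level wrapper added in the second hunk has a comment explaining why two entry points now exist. A reader who finds the wrapper alone may take it for dead code and remove it, which would break every includer that calls `selinux_support?` unqualified. I would put `# Instance-level wrapper so code that includes this module can keep calling selinux_support? unqualified; class-level hooks call Puppet::Util::SELinux.selinux_support? directly.` above the new method. The body of `self.selinux_support?` starts in the first hunk and ends in the context lines of the second.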
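Review bot: In spec/unit/transaction_spec.rb, the new example defines a real top-level `module Selinux` when the bindings are absent, and that constant stays defined for every spec that runs afterwards in the same process. Later examples that rely on `defined?(Selinux)` being false would then exercise the SELinux code paths against a stub that has only `is_selinux_enabled`. That stub also returns `true`, while the production check compares the result with `1`. Scoping the fake to the example avoids both problems, for instance `stub_const('Selinux', Module.new)` before the two `expect` lines. The description string also has a trailing space after "enabled", and there is no companion example asserting that `matchpathcon_fini` is not called when `selinux_support?` is false.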