diff --git a/changelog/63336.fixed.md b/changelog/63336.fixed.md
new file mode 100644
index 000000000000..0223a4b0d65d
--- /dev/null
+++ b/changelog/63336.fixed.md
@@ -0,0 +1 @@
+Fix SELinux get policy with trailing whitespace
diff --git a/salt/modules/selinux.py b/salt/modules/selinux.py
index dbfa93928bf5..6b02900db190 100644
--- a/salt/modules/selinux.py
+++ b/salt/modules/selinux.py
@@ -477,8 +477,10 @@ def fcontext_get_policy(
 if filetype:
 _validate_filetype(filetype)
 re_spacer = "[ ]+"
+ re_optional_spacer = "[ |\t]*"
 cmd_kwargs = {
 "spacer": re_spacer,
+ "ospacer": re_optional_spacer,
 "filespec": re.escape(name),
 "sel_user": sel_user or "[^:]+",
 "sel_role": "[^:]+", # se_role for file context is always object_r
@@ -490,7 +492,7 @@ def fcontext_get_policy(
 )
 cmd = (
 "semanage fcontext -l | egrep "
- + "'^{filespec}{spacer}{filetype}{spacer}{sel_user}:{sel_role}:{sel_type}:{sel_level}$'".format(
+ + "'^{filespec}{spacer}{filetype}{spacer}{sel_user}:{sel_role}:{sel_type}:{sel_level}{ospacer}$'".format(
 **cmd_kwargs
 )
 )
diff --git a/tests/pytests/unit/modules/test_selinux.py b/tests/pytests/unit/modules/test_selinux.py
index dd38b6721f57..05d3ca25e241 100644
--- a/tests/pytests/unit/modules/test_selinux.py
+++ b/tests/pytests/unit/modules/test_selinux.py
@@ -19,7 +19,7 @@ def test_fcontext_get_policy_parsing():
 {
 "semanage_out": (
 "/var/www(/.*)? all files "
- " system_u:object_r:httpd_sys_content_t:s0"
+ " system_u:object_r:httpd_sys_content_t:s0 "
 ),
 "name": "/var/www(/.*)?",
 "filetype": "all files",
@@ -31,7 +31,7 @@ def test_fcontext_get_policy_parsing():
 {
 "semanage_out": (
 "/var/www(/.*)? all files "
- " system_u:object_r:httpd_sys_content_t:s0"
+ " system_u:object_r:httpd_sys_content_t:s0 "
 ),
 "name": "/var/www(/.*)?",
 "filetype": "all files",
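Review bot: The character class in the added `re_optional_spacer = "[ |\t]*"` contains a literal `|`; inside brackets that is not alternation, so the pattern also accepts trailing pipe characters after the SELinux level. If only spaces and tabs are meant, `re_optional_spacer = "[ \t]*"` says so, and a short comment such as `# semanage may pad the context column with trailing blanks` would record why the spacer exists. The body of fcontext_get_policy starts and ends outside this hunk.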
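Review bot: The rewritten `.format(` line still builds the egrep pattern inside hand-written single quotes, and the only escaping visible is `re.escape(name)`, which is regex escaping rather than shell quoting. If `cmd` is handed to a shell, as the pipe suggests (the call site is outside the hunk), a `'` in `name` or `sel_user` would end the quoted argument early and the remainder would be interpreted by the shell. Passing the finished pattern through `shlex.quote(...)` instead of literal quotes, or running `semanage fcontext -l` without a shell and filtering its output with `re` in Python, would close that off. Separately, recent GNU grep prints an obsolescence warning for `egrep`; `grep -E` is the equivalent.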
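Review bot: Every fixture touched in this file (this hunk and the ones at -31 and -43) now ends in a trailing space, so among the cases visible here the original output without trailing whitespace is no longer exercised, and a trailing tab, which the new pattern also allows, is never tested. Keeping one fixture in its old form and adding a tab-terminated one, e.g. `" system_u:object_r:httpd_sys_content_t:s0\t"`, would pin both sides of the fix. The test function continues outside the hunks, so other fixtures may already cover the unpadded case.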
@@ -43,7 +43,7 @@ def test_fcontext_get_policy_parsing():
 {
 "semanage_out": (
 "/var/lib/dhcp3? directory "
- " system_u:object_r:dhcp_state_t:s0"
+ " system_u:object_r:dhcp_state_t:s0 "
 ),
 "name": "/var/lib/dhcp3?",
 "filetype": "directory",