osbuild2: add support for org.osbuild.selinux.config stage

Add support for a new osbuid stage `org.osbuild.selinux.config`, for setting the desired SELinux policy state and type on the system. Add unit tests for the new stage. Related to https://github.com/osbuild/osbuild/pull/799. Signed-off-by: Tomas Hozza <thozza@redhat.com>
2021-09-08 17:08:39 +02:00 · 2021-09-08 17:08:39 +02:00 · fbb70c2d10
commit fbb70c2d10
parent ca2dc71eea
4 changed files with 77 additions and 0 deletions
--- a/internal/osbuild2/selinux_config_stage.go
+++ b/internal/osbuild2/selinux_config_stage.go
@ -0,0 +1,36 @@
+package osbuild2
+
+// The SELinuxConfigStageOptions describe the desired SELinux policy state
+// and type on the system.
+type SELinuxConfigStageOptions struct {
+	State SELinuxPolicyState `json:"state,omitempty"`
+	Type  SELinuxPolicyType  `json:"type,omitempty"`
+}
+
+func (SELinuxConfigStageOptions) isStageOptions() {}
+
+// Valid SELinux Policy states
+type SELinuxPolicyState string
+
+const (
+	SELinuxStateEnforcing  SELinuxPolicyState = "enforcing"
+	SELinuxStatePermissive SELinuxPolicyState = "permissive"
+	SELinuxStateDisabled   SELinuxPolicyState = "disabled"
+)
+
+// Valid SELinux Policy types
+type SELinuxPolicyType string
+
+const (
+	SELinuxTypeTargeted SELinuxPolicyType = "targeted"
+	SELinuxTypeMinimum  SELinuxPolicyType = "minimum"
+	SELinuxTypeMLS      SELinuxPolicyType = "mls"
+)
+
+// NewSELinuxConfigStage creates a new SELinuxConfig Stage object.
+func NewSELinuxConfigStage(options *SELinuxConfigStageOptions) *Stage {
+	return &Stage{
+		Type:    "org.osbuild.selinux.config",
+		Options: options,
+	}
+}
--- a/internal/osbuild2/selinux_config_stage_test.go
+++ b/internal/osbuild2/selinux_config_stage_test.go
@ -0,0 +1,16 @@
+package osbuild2
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestNewSELinuxConfigStage(t *testing.T) {
+	expectedStage := &Stage{
+		Type:    "org.osbuild.selinux.config",
+		Options: &SELinuxConfigStageOptions{},
+	}
+	actualStage := NewSELinuxConfigStage(&SELinuxConfigStageOptions{})
+	assert.Equal(t, expectedStage, actualStage)
+}
--- a/internal/osbuild2/stage.go
+++ b/internal/osbuild2/stage.go
@ -55,6 +55,8 @@ func (stage *Stage) UnmarshalJSON(data []byte) error {
 		options = new(LocaleStageOptions)
 	case "org.osbuild.selinux":
 		options = new(SELinuxStageOptions)
+	case "org.osbuild.selinux.config":
+		options = new(SELinuxConfigStageOptions)
 	case "org.osbuild.hostname":
 		options = new(HostnameStageOptions)
 	case "org.osbuild.users":
--- a/internal/osbuild2/stage_test.go
+++ b/internal/osbuild2/stage_test.go
@ -385,6 +385,29 @@ func TestStage_UnmarshalJSON(t *testing.T) {
 				data: []byte(`{"type":"org.osbuild.selinux","options":{"file_contexts":""}}`),
 			},
 		},
+		{
+			name: "selinux.config-empty",
+			fields: fields{
+				Type:    "org.osbuild.selinux.config",
+				Options: &SELinuxConfigStageOptions{},
+			},
+			args: args{
+				data: []byte(`{"type":"org.osbuild.selinux.config","options":{}}`),
+			},
+		},
+		{
+			name: "selinux.config",
+			fields: fields{
+				Type: "org.osbuild.selinux.config",
+				Options: &SELinuxConfigStageOptions{
+					State: SELinuxStatePermissive,
+					Type:  SELinuxTypeMinimum,
+				},
+			},
+			args: args{
+				data: []byte(`{"type":"org.osbuild.selinux.config","options":{"state":"permissive","type":"minimum"}}`),
+			},
+		},
 		{
 			name: "sysconfig",
 			fields: fields{