Merge pull request #223 from artem-forks/centos-8-support

CentOS 8: proper selinux package naming
dev-sec · Oct 30, 2019 · d7f09d4 · d7f09d4
2 parents 5e56a20 + 9cc66c9
commit d7f09d4
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 6 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -32,9 +32,6 @@ script:
   -  bundle exec rake kitchen KITCHEN_LOCAL_YAML=.kitchen.dokken.yml
 
 matrix:
-  allow_failures:
-    # temporaray disable failing tests until all problems are fixed
-    - env: INSTANCE=centos-8
   include:
     - env: UNIT_AND_LINT=1
       script:

diff --git a/attributes/default.rb b/attributes/default.rb
@@ -31,6 +31,14 @@
   default['ssh-hardening']['sshclient']['package'] = 'openssh-client'
 end
 
+# Define the package name for selinux utils
+if node['platform_family'] == 'fedora' || # rubocop:disable Style/ConditionalAssignment
+   node['platform_family'] == 'rhel' && node['platform_version'].to_f >= 8
+  default['ssh-hardening']['selinux']['package'] = 'policycoreutils-python-utils'
+else
+  default['ssh-hardening']['selinux']['package'] = 'policycoreutils-python'
+end
+
 # Define the server package name
 case node['platform']
 when 'suse', 'opensuse', 'opensuseleap'

diff --git a/recipes/server.rb b/recipes/server.rb
@@ -56,9 +56,7 @@
   module_file = ::File.join(cache_dir, 'ssh_password.mod')
   package_file = ::File.join(cache_dir, 'ssh_password.pp')
 
-  package 'policycoreutils-python'
-  # on fedora we need an addtional package for semodule_package
-  package 'policycoreutils-python-utils' if node['platform_family'] == 'fedora'
+  package node['ssh-hardening']['selinux']['package']
 
   if node['ssh-hardening']['ssh']['server']['use_pam']
     # UsePAM yes: disable and remove the additional SELinux policy