def collect(self, module=None, collected_facts=None):
facts_dict = {}
selinux_facts = {}
# If selinux library is missing, only set the status and selinux_python_present since
# there is no way to tell if SELinux is enabled or disabled on the system
# without the library.
if not HAVE_SELINUX:
selinux_facts['status'] = 'Missing selinux Python library'
facts_dict['selinux'] = selinux_facts
facts_dict['selinux_python_present'] = False
return facts_dict
# Set a boolean for testing whether the Python library is present
facts_dict['selinux_python_present'] = True
if not selinux.is_selinux_enabled():
selinux_facts['status'] = 'disabled'
else:
selinux_facts['status'] = 'enabled'
try:
selinux_facts['policyvers'] = selinux.security_policyvers()
except (AttributeError, OSError):
selinux_facts['policyvers'] = 'unknown'
try:
(rc, configmode) = selinux.selinux_getenforcemode()
if rc == 0:
selinux_facts['config_mode'] = SELINUX_MODE_DICT.get(
configmode, 'unknown')
else:
selinux_facts['config_mode'] = 'unknown'
except (AttributeError, OSError):
selinux_facts['config_mode'] = 'unknown'
try:
mode = selinux.security_getenforce()
selinux_facts['mode'] = SELINUX_MODE_DICT.get(mode, 'unknown')
except (AttributeError, OSError):
selinux_facts['mode'] = 'unknown'
try:
(rc, policytype) = selinux.selinux_getpolicytype()
if rc == 0:
selinux_facts['type'] = policytype
else:
selinux_facts['type'] = 'unknown'
except (AttributeError, OSError):
selinux_facts['type'] = 'unknown'
facts_dict['selinux'] = selinux_facts
return facts_dict
def collect(self, module=None, collected_facts=None):
facts_dict = {}
selinux_facts = {}
# If selinux library is missing, only set the status and selinux_python_present since
# there is no way to tell if SELinux is enabled or disabled on the system
# without the library.
if not HAVE_SELINUX:
selinux_facts['status'] = 'Missing selinux Python library'
facts_dict['selinux'] = selinux_facts
facts_dict['selinux_python_present'] = False
return facts_dict
# Set a boolean for testing whether the Python library is present
facts_dict['selinux_python_present'] = True
if not selinux.is_selinux_enabled():
selinux_facts['status'] = 'disabled'
else:
selinux_facts['status'] = 'enabled'
try:
selinux_facts['policyvers'] = selinux.security_policyvers()
except (AttributeError, OSError):
selinux_facts['policyvers'] = 'unknown'
try:
(rc, configmode) = selinux.selinux_getenforcemode()
if rc == 0:
selinux_facts['config_mode'] = SELINUX_MODE_DICT.get(configmode, 'unknown')
else:
selinux_facts['config_mode'] = 'unknown'
except (AttributeError, OSError):
selinux_facts['config_mode'] = 'unknown'
try:
mode = selinux.security_getenforce()
selinux_facts['mode'] = SELINUX_MODE_DICT.get(mode, 'unknown')
except (AttributeError, OSError):
selinux_facts['mode'] = 'unknown'
try:
(rc, policytype) = selinux.selinux_getpolicytype()
if rc == 0:
selinux_facts['type'] = policytype
else:
selinux_facts['type'] = 'unknown'
except (AttributeError, OSError):
selinux_facts['type'] = 'unknown'
facts_dict['selinux'] = selinux_facts
return facts_dict
def collect(self, module=None, collected_facts=None):
facts_dict = {}
selinux_facts = {}
# This is weird. The value of the facts 'selinux' key can be False or a dict
if not HAVE_SELINUX:
facts_dict['selinux'] = False
facts_dict['selinux_python_present'] = False
return facts_dict
facts_dict['selinux_python_present'] = True
if not selinux.is_selinux_enabled():
selinux_facts['status'] = 'disabled'
# NOTE: this could just return in the above clause and the rest of this is up an indent -akl
else:
selinux_facts['status'] = 'enabled'
try:
selinux_facts['policyvers'] = selinux.security_policyvers()
except (AttributeError, OSError):
selinux_facts['policyvers'] = 'unknown'
try:
(rc, configmode) = selinux.selinux_getenforcemode()
if rc == 0:
selinux_facts['config_mode'] = SELINUX_MODE_DICT.get(
configmode, 'unknown')
else:
selinux_facts['config_mode'] = 'unknown'
except (AttributeError, OSError):
selinux_facts['config_mode'] = 'unknown'
try:
mode = selinux.security_getenforce()
selinux_facts['mode'] = SELINUX_MODE_DICT.get(mode, 'unknown')
except (AttributeError, OSError):
selinux_facts['mode'] = 'unknown'
try:
(rc, policytype) = selinux.selinux_getpolicytype()
if rc == 0:
selinux_facts['type'] = policytype
else:
selinux_facts['type'] = 'unknown'
except (AttributeError, OSError):
selinux_facts['type'] = 'unknown'
facts_dict['selinux'] = selinux_facts
return facts_dict
def collect(self, module=None, collected_facts=None):
facts_dict = {}
selinux_facts = {}
# This is weird. The value of the facts 'selinux' key can be False or a dict
if not HAVE_SELINUX:
facts_dict['selinux'] = False
facts_dict['selinux_python_present'] = False
return facts_dict
facts_dict['selinux_python_present'] = True
if not selinux.is_selinux_enabled():
selinux_facts['status'] = 'disabled'
# NOTE: this could just return in the above clause and the rest of this is up an indent -akl
else:
selinux_facts['status'] = 'enabled'
try:
selinux_facts['policyvers'] = selinux.security_policyvers()
except (AttributeError, OSError):
selinux_facts['policyvers'] = 'unknown'
try:
(rc, configmode) = selinux.selinux_getenforcemode()
if rc == 0:
selinux_facts['config_mode'] = SELINUX_MODE_DICT.get(configmode, 'unknown')
else:
selinux_facts['config_mode'] = 'unknown'
except (AttributeError, OSError):
selinux_facts['config_mode'] = 'unknown'
try:
mode = selinux.security_getenforce()
selinux_facts['mode'] = SELINUX_MODE_DICT.get(mode, 'unknown')
except (AttributeError, OSError):
selinux_facts['mode'] = 'unknown'
try:
(rc, policytype) = selinux.selinux_getpolicytype()
if rc == 0:
selinux_facts['type'] = policytype
else:
selinux_facts['type'] = 'unknown'
except (AttributeError, OSError):
selinux_facts['type'] = 'unknown'
facts_dict['selinux'] = selinux_facts
return facts_dict
def update(self):
import platform
import selinux
# security_getenforce is the same as the getenforce command.
# selinux_getenforcemode tells you what is set in /etc/selinux/config
self.platform, self.kernel = get_os_environment()
self.policy_type = selinux.selinux_getpolicytype()[1]
self.policy_rpm = get_rpm_nvr_by_name("selinux-policy")
self.policyvers = str(selinux.security_policyvers())
enforce = selinux.security_getenforce()
if enforce == 0:
self.enforce = "Permissive"
else:
self.enforce = "Enforcing"
self.selinux_enabled = bool(selinux.is_selinux_enabled())
self.selinux_mls_enabled = bool(selinux.is_selinux_mls_enabled())
self.hostname = platform.node()
self.uname = " ".join(platform.uname())
def update(self):
import platform
import selinux
# security_getenforce is the same as the getenforce command.
# selinux_getenforcemode tells you what is set in /etc/selinux/config
self.platform, self.kernel = get_os_environment()
self.policy_type = selinux.selinux_getpolicytype()[1]
self.policy_rpm = get_rpm_nvr_by_name("selinux-policy")
self.policyvers = str(selinux.security_policyvers())
enforce = selinux.security_getenforce()
if enforce == 0:
self.enforce = "Permissive"
else:
self.enforce = "Enforcing"
self.selinux_enabled = bool(selinux.is_selinux_enabled())
self.selinux_mls_enabled = bool(selinux.is_selinux_mls_enabled())
self.hostname = platform.node()
self.uname = " ".join(platform.uname())
#!/usr/bin/python import selinux print selinux.security_policyvers()
#!/usr/bin/env python3
try:
import warnings
with warnings.catch_warnings():
warnings.filterwarnings("ignore", category=PendingDeprecationWarning)
import selinux
if selinux.is_selinux_enabled():
print(selinux.security_policyvers())
except ImportError:
exit(0)
