Skip to content

Commit

Permalink
fcos/v1_6_exp: Add validations to SElinux
Browse files Browse the repository at this point in the history
Adds a SElinux validations and add new errors.
  • Loading branch information
yasminvalim committed Sep 7, 2023
1 parent 45af03c commit 7c08dc7
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 0 deletions.
5 changes: 5 additions & 0 deletions config/common/errors.go
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,11 @@ var (

// Kernel arguments
ErrGeneralKernelArgumentSupport = errors.New("kernel argument customization is not supported in this spec version")

// SElinux
ErrSelinuxInvalidModeValue = errors.New("Invalid Selinux mode value, it must be true(enforcing) or false(permissive)")
ErrSelinuxInvalidStateValue = errors.New("Invalid Selinux state value, it must be true(enabled) or false(disabled)")
ErrSelinuxModeRequiredWithStateTrue = errors.New("Invalid configuration. If Selinux is enabled, a mode should be defined.")
)

type ErrUnmarshal struct {
Expand Down
14 changes: 14 additions & 0 deletions config/fcos/v1_6_exp/validate.go
Original file line number Diff line number Diff line change
Expand Up @@ -77,3 +77,17 @@ func (user GrubUser) Validate(c path.ContextPath) (r report.Report) {
}
return
}

func (s *Selinux) ValidateSelinux(c path.ContextPath) (r report.Report) {
if s.State != nil {
if !(*s.State == true || *s.State == false) {
r.AddOnError(c.Append("state"), common.ErrSelinuxInvalidStateValue)
} else if *s.State == true && s.Mode == nil {
r.AddOnError(c.Append("mode"), common.ErrSelinuxModeRequiredWithStateTrue)
}
}
if s.Mode != nil && !(*s.Mode == true || *s.Mode == false) {
r.AddOnError(c.Append("mode"), common.ErrSelinuxInvalidModeValue)
}
return
}

0 comments on commit 7c08dc7

Please sign in to comment.