From 7c08dc71ddd9dd3e2344982f21f2bd4c1de5dca4 Mon Sep 17 00:00:00 2001 From: Yasmin Valim Date: Thu, 7 Sep 2023 11:35:36 -0300 Subject: [PATCH] fcos/v1_6_exp: Add validations to SElinux Adds a SElinux validations and add new errors. --- config/common/errors.go | 5 +++++ config/fcos/v1_6_exp/validate.go | 14 ++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/config/common/errors.go b/config/common/errors.go index a5f8d5b2..41541522 100644 --- a/config/common/errors.go +++ b/config/common/errors.go @@ -93,6 +93,11 @@ var ( // Kernel arguments ErrGeneralKernelArgumentSupport = errors.New("kernel argument customization is not supported in this spec version") + + // SElinux + ErrSelinuxInvalidModeValue = errors.New("Invalid Selinux mode value, it must be true(enforcing) or false(permissive)") + ErrSelinuxInvalidStateValue = errors.New("Invalid Selinux state value, it must be true(enabled) or false(disabled)") + ErrSelinuxModeRequiredWithStateTrue = errors.New("Invalid configuration. If Selinux is enabled, a mode should be defined.") ) type ErrUnmarshal struct { diff --git a/config/fcos/v1_6_exp/validate.go b/config/fcos/v1_6_exp/validate.go index 4c3ae9de..d5166cc1 100644 --- a/config/fcos/v1_6_exp/validate.go +++ b/config/fcos/v1_6_exp/validate.go @@ -77,3 +77,17 @@ func (user GrubUser) Validate(c path.ContextPath) (r report.Report) { } return } + +func (s *Selinux) ValidateSelinux(c path.ContextPath) (r report.Report) { + if s.State != nil { + if !(*s.State == true || *s.State == false) { + r.AddOnError(c.Append("state"), common.ErrSelinuxInvalidStateValue) + } else if *s.State == true && s.Mode == nil { + r.AddOnError(c.Append("mode"), common.ErrSelinuxModeRequiredWithStateTrue) + } + } + if s.Mode != nil && !(*s.Mode == true || *s.Mode == false) { + r.AddOnError(c.Append("mode"), common.ErrSelinuxInvalidModeValue) + } + return +}