SELinux¶
Combiner for more complex handling of SELinux being disabled by any means
available to the users. It uses results of
insights.parsers.sestatus.SEStatus
, and
insights.parsers.selinux_config.SelinuxConfig
parsers and
insights.combiners.grub_conf.GrubConf
combiner.
It contains a dictionary problems
in which it stores detected problems with
keys as follows and values are parsed lines with detected problem:
sestatus_disabled
- SELinux is disabled on runtime.sestatus_not_enforcing
- SELinux is not in enforcing mode.grub_disabled
- SELinux is set in Grub to be disabled.grub_not_enforcing
- SELinux is set in Grub to not be in enforcing mode.selinux_conf_disabled
- SELinux is set in configuration file to be disabled.sestatus_not_enforcing
- SELinux is set in configuration file to not be in enforcing mode.
Examples
>>> selinux = shared[SELinux]
>>> selinux.ok()
False
>>> selinux.problems
{'grub_disabled': ['/vmlinuz-2.6.32-642.el6.x86_64 selinux=0 ro root= ...'],
'selinux_conf_disabled': 'disabled',
'sestatus_not_enforcing': 'permissive'}