On September 1st, 2014, 2:29 p.m. CEST, Michal Minar wrote:

src/selinux/selinux.c (Diff revision 1)
		83	while((read = getline (&line, &line_len, f)) != -1) {
		84	if (g_regex_match(re, line, 0, &mi)) {
		85	read = snprintf(line, BUFLEN - 1, "SELINUX=%s\n", (newstate == 0) ? "disabled" :
		86	(newstate == 1) ? "permissive" :
		87	(newstate == 2) ? "enforcing" :
		88	"unknown");
		89	lmi_debug("SELINUX default state changed to %s", line);
		90	}
		91	g_strlcat(content, line, CONTENT_SIZE);
		92	content_len += read;

What if SELINUX=* line is commented out?

On September 5th, 2014, 2:59 p.m. CEST, Jan Synacek wrote:

Your answer lies on the line 84.

On September 8th, 2014, 9 a.m. CEST, Michal Minar wrote:

Ok, but in this case the new state won't be set or am I missing something?

Yes, it should be set only if it's active (not commented).

On September 1st, 2014, 2:29 p.m. CEST, Michal Minar wrote:

src/selinux/selinux.c (Diff revision 1)
		478	if (include_input)
		479	/* not interested in input parameters */
		480	return st;

If believe
if (!include_output)
    return st;


is what you really want. But input arguments could be filled as well - they are already defined in __MethodParameters_* classes.

On September 5th, 2014, 2:59 p.m. CEST, Jan Synacek wrote:

My understanding was that either include_input, or include_output are set. Therefore, I was only interested in the output parameters and didn't want the function to go any further if the input parameters were set. It seems to work. Or am I misunderstanding something?

On September 8th, 2014, 9 a.m. CEST, Michal Minar wrote:

I remeber telling you this. But things have changed since then. Now when job is successfully finished, job's associated method result will contain __MethodParameters_<methodname>_Result with both input and output parameters filled.
Sorry for confusion.

I'll look into this some more.

On September 1st, 2014, 2:29 p.m. CEST, Michal Minar wrote:

src/selinux/test/test_selinux.py (Diff revision 1)
		353	self.assertEquals(res[0], 0)
		354	inst = self._get_instance()
		355	self._verify_selinux_states(inst)

I'd also check that desired states were set.

On September 5th, 2014, 2:59 p.m. CEST, Jan Synacek wrote:

Well, that's what line 355 does.

On September 8th, 2014, 9 a.m. CEST, Michal Minar wrote:

I don't think so. IMHO _verify_selinux_states() just checks whether the provider is in sync with library - their states matches. That's right to test for sure. What I have on mind though is something like self.assertEqual(desired_new_state, inst.SELinuxState).

Ok, I'll fix that.

- Jan

On September 5th, 2014, 3:01 p.m. CEST, Jan Synacek wrote:

implement SELinux provider
In case diffs don't work, I'll track changes in my WIP branch until the patch is merged:
https://git.fedorahosted.org/cgit/openlmi-providers.git/log/?h=selinux-devel