SELinux

Combiner for more complex handling of SELinux being disabled by any means available to the users. It uses results of insights.parsers.sestatus.SEStatus, and insights.parsers.selinux_config.SelinuxConfig parsers and insights.combiners.grub_conf.GrubConf combiner.

It contains a dictionary problems in which it stores detected problems with keys as follows and values are parsed lines with detected problem:

  • sestatus_disabled - SELinux is disabled on runtime.

  • sestatus_not_enforcing - SELinux is not in enforcing mode.

  • grub_disabled - SELinux is set in Grub to be disabled.

  • grub_not_enforcing - SELinux is set in Grub to not be in enforcing mode.

  • selinux_conf_disabled - SELinux is set in configuration file to be disabled.

  • sestatus_not_enforcing - SELinux is set in configuration file to not be in enforcing mode.

Examples

>>> selinux = shared[SELinux]
>>> selinux.ok()
False
>>> selinux.problems
{'grub_disabled': ['/vmlinuz-2.6.32-642.el6.x86_64 selinux=0 ro root= ...'],
 'selinux_conf_disabled': 'disabled',
 'sestatus_not_enforcing': 'permissive'}
class insights.combiners.selinux.SELinux(se_status, selinux_config, grub_conf)[source]

Bases: object

A combiner for detecting that SELinux is enabled and running and also enabled at boot time.

ok()[source]

Checks if there are any problems with SELinux configuration.

Returns

bool: True if SELinux is enabled and functional, false otherwise.