Update ci.yml and test spec, clean up lint errors

.github/workflows/ci.yml

@@ -10,10 +10,16 @@ name: ci
 jobs:
   lint-unit:
     uses: sous-chefs/.github/.github/workflows/[email protected]
+    permissions:
+      actions: write
+      checks: write
+      pull-requests: write
+      statuses: write
+      issues: write
 
   integration:
     needs: lint-unit
-    runs-on: macos-10.15
+    runs-on: ubuntu-latest
     strategy:
       matrix:
         os:
@@ -49,6 +55,7 @@ jobs:
         uses: actionshub/[email protected]
         env:
           CHEF_LICENSE: accept-no-persist
+          KITCHEN_LOCAL_YAML: kitchen.dokken.yml
         with:
           suite: ${{ matrix.suite }}
           os: ${{ matrix.os }}

documentation/selinux_boolean.md

@@ -1,7 +1,7 @@
-[Back to resource list](../README.md#resources)
-
 # selinux_boolean
 
+[Back to resource list](../README.md#resources)
+
 Set SELinux boolean values.
 
 Introduced: v4.0.0

documentation/selinux_fcontext.md

@@ -1,7 +1,7 @@
-[Back to resource list](../README.md#resources)
-
 # selinux_fcontext
 
+[Back to resource list](../README.md#resources)
+
 Set the SELinux context of files with `semanage fcontext`.
 
 ## Actions

documentation/selinux_install.md

@@ -1,7 +1,7 @@
-[Back to resource list](../README.md#resources)
-
 # selinux_install
 
+[Back to resource list](../README.md#resources)
+
 The `selinux_install` resource is used to encapsulate the set of selinux packages to install in order to manage selinux. It also ensures the directory `/etc/selinux` is created.
 
 Introduced: v4.0.0

documentation/selinux_login.md

@@ -1,7 +1,7 @@
-[Back to resource list](../README.md#resources)
-
 # selinux_login
 
+[Back to resource list](../README.md#resources)
+
 The `selinux_login` resource is used to manage Linux user to SELinux user mappings on the system.
 
 ## Actions

documentation/selinux_module.md

@@ -1,7 +1,7 @@
-[Back to resource list](../README.md#resources)
-
 # selinux_module
 
+[Back to resource list](../README.md#resources)
+
 Create an SELinux module from a cookfile file or content provided as a string.
 
 Introduced: v4.0.0

documentation/selinux_permissive.md

@@ -1,7 +1,7 @@
-[Back to resource list](../README.md#resources)
-
 # selinux_permissive
 
+[Back to resource list](../README.md#resources)
+
 Allows some types to misbehave without stopping them. Not as good as specific policies, but better than disabling SELinux entirely.
 
 > This does not set the SELinux state to permissive! Use [`selinux_state`](selinux_state.md) for that.

documentation/selinux_port.md

@@ -1,7 +1,7 @@
-[Back to resource list](../README.md#resources)
-
 # selinux_port
 
+[Back to resource list](../README.md#resources)
+
 Allows assigning a network port to a certain SELinux context, e.g. for running a webserver on a non-standard port.
 
 ## Actions

documentation/selinux_state.md

@@ -1,7 +1,7 @@
-[Back to resource list](../README.md#resources)
-
 # selinux_state
 
+[Back to resource list](../README.md#resources)
+
 The `selinux_state` resource is used to manage the SELinux state on the system. It does this by using the `setenforce` command and rendering the `/etc/selinux/config` file from a template.
 
 Introduced: v4.0.0
@@ -13,7 +13,7 @@ Introduced: v4.0.0
 | `:enforcing`  | *(Default)* Set the SELinux state to enforcing |
 | `:permissive` | Set the state to permissive                    |
 | `:disabled`   | Set the state to disabled                      |
-`
+
 > ⚠ Switching to or from `disabled` requires a reboot!
 
 ## Properties

documentation/selinux_user.md

@@ -1,7 +1,7 @@
-[Back to resource list](../README.md#resources)
-
 # selinux_user
 
+[Back to resource list](../README.md#resources)
+
 The `selinux_user` resource is used to manage SELinux users on the system.
 
 ## Actions

spec/unit/resources/fcontext_spec.rb

@@ -17,9 +17,10 @@
 
   context 'when not set' do
     stubs_for_provider('selinux_fcontext[/test]') do |provider|
-      allow(provider).to receive_shell_out('semanage fcontext -l', stdout: <<~EOF)
+      allow(provider).to receive_shell_out('semanage fcontext -l', stdout: <<~EOF
         /other/files        all files        user:role:type:level
       EOF
+      )
     end
 
     # this is what actually checks that the fcontext was set correctly
@@ -38,15 +39,18 @@
 
   context 'when set to incorrect value' do
     stubs_for_provider('selinux_fcontext[/test]') do |provider|
-      allow(provider).to receive_shell_out('semanage fcontext -l', stdout: <<~EOF)
-        /test        all files        user:role:type:level
+      allow(provider).to receive_shell_out('semanage fcontext -l', stdout: <<~EOF
+        /test        all files        user:role:type:level'
       EOF
+      )
     end
 
     # this is what actually checks that the fcontext was set correctly
     # incorrect commands would not be stubbed and would throw error
     stubs_for_provider('selinux_fcontext[/test]') do |provider|
-      # when set but incorrect, only modify calls (-m) and delete calls (-d) should happen
+      # when set but incorrect, the incorrect context is "deemed" as the built-in type, and
+      # attemp to perform the full cycle of activities
+      allow(provider).to receive_shell_out("semanage fcontext -a -f a -t foo '/test'")
       allow(provider).to receive_shell_out("semanage fcontext -m -f a -t foo '/test'")
       allow(provider).to receive_shell_out("semanage fcontext -d -f a '/test'")
     end
@@ -60,9 +64,10 @@
 
   context 'when set to correct value' do
     stubs_for_provider('selinux_fcontext[/test]') do |provider|
-      allow(provider).to receive_shell_out('semanage fcontext -l', stdout: <<~EOF)
+      allow(provider).to receive_shell_out('semanage fcontext -l', stdout: <<~EOF
         /test        all files        user:role:foo:level
       EOF
+      )
     end
 
     # this is what actually checks that the fcontext was set correctly

test/cookbooks/selinux_test/recipes/fcontext.rb

@@ -56,5 +56,3 @@
   action :delete
   only_if { node.run_state['chef_converge_counter'] == 1 }
 end
-
-