
Commit 8cde4d2

authored
Add SELinux host preflight check (#1871)
* Add SELinux host preflight check
1 parent bb65662 commit 8cde4d2


1 file changed

+21
-0
lines changed

pkg/preflights/host-preflight.yaml

Lines changed: 21 additions & 0 deletions
@@ -159,6 +159,10 @@ spec:
159159
address: '{{ $element }}'
160160
timeout: 30s
161161
{{- end}}
162+
- run:
163+
collectorName: 'selinux-mode'
164+
command: 'sh'
165+
args: ['-c', 'getenforce || echo "Missing"']
162166
analyzers:
163167
- cpu:
164168
checkName: CPU
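
Review bot: On the added `args: ['-c', 'getenforce || echo "Missing"']` line, the `||` fallback prints Missing for any non-zero exit of getenforce, not only when the binary is absent, and the analyzer added later in this commit treats Missing as a pass. A getenforce that is installed but not on the collector's PATH, or that errors out, would therefore be reported as "SELinux is not installed" on a host that may in fact be enforcing. Consider testing for the binary explicitly (for example with `command -v getenforce` before calling it) and emitting a distinct value when getenforce exists but fails, so that case can be surfaced as a warning instead of a pass.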
@@ -950,3 +954,20 @@ spec:
950954
when: "connected"
951955
message: "Successful TCP connection to {{ $element }}."
952956
{{- end}}
957+
- textAnalyze:
958+
checkName: SELinux Mode
959+
fileName: host-collectors/run-host/selinux-mode.txt
960+
regexGroups: '(?P<Mode>Enforcing|Permissive|Disabled|Missing)'
961+
outcomes:
962+
- fail:
963+
when: "Mode == Enforcing"
964+
message: SELinux must be disabled or run in permissive mode.
965+
- pass:
966+
when: "Mode == Permissive"
967+
message: SELinux is running in permissive mode.
968+
- pass:
969+
when: "Mode == Disabled"
970+
message: SELinux is disabled.
971+
- pass:
972+
when: "Mode == Missing"
973+
message: SELinux is not installed.
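
Review bot: The outcomes under `textAnalyze` cover only the four strings named in `regexGroups`, so nothing visible here says what the check reports when selinux-mode.txt is empty or holds any other text; add a fallback outcome (a warn, if the analyzer supports an unconditional one) or confirm the no-match behaviour. The pattern is also unanchored, so it matches the first of those words anywhere in the collected output; anchoring it to a whole line would tighten that. The fail message "SELinux must be disabled or run in permissive mode." asks operators to relax a host hardening control without giving a reason or a documentation pointer, and a one-line explanation there would help.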
