fcos/v1_6_exp: Add validations to SElinux

yasminvalim · yasminvalim · commit 7c08dc71ddd9 · 2023-09-07T11:35:36.000-03:00
Adds a SElinux validations and add new errors.
diff --git a/config/common/errors.go b/config/common/errors.go
@@ -93,6 +93,11 @@ var (
 
 	// Kernel arguments
 	ErrGeneralKernelArgumentSupport = errors.New("kernel argument customization is not supported in this spec version")
+
+	// SElinux
+	ErrSelinuxInvalidModeValue          = errors.New("Invalid Selinux mode value, it must be true(enforcing) or false(permissive)")
+	ErrSelinuxInvalidStateValue         = errors.New("Invalid Selinux state value, it must be true(enabled) or false(disabled)")
+	ErrSelinuxModeRequiredWithStateTrue = errors.New("Invalid configuration. If Selinux is enabled, a mode should be defined.")
 )
 
 type ErrUnmarshal struct {
diff --git a/config/fcos/v1_6_exp/validate.go b/config/fcos/v1_6_exp/validate.go
@@ -77,3 +77,17 @@ func (user GrubUser) Validate(c path.ContextPath) (r report.Report) {
 	}
 	return
 }
+
+func (s *Selinux) ValidateSelinux(c path.ContextPath) (r report.Report) {
+	if s.State != nil {
+		if !(*s.State == true || *s.State == false) {
+			r.AddOnError(c.Append("state"), common.ErrSelinuxInvalidStateValue)
+		} else if *s.State == true && s.Mode == nil {
+			r.AddOnError(c.Append("mode"), common.ErrSelinuxModeRequiredWithStateTrue)
+		}
+	}
+	if s.Mode != nil && !(*s.Mode == true || *s.Mode == false) {
+		r.AddOnError(c.Append("mode"), common.ErrSelinuxInvalidModeValue)
+	}
+	return
+}
