Search code examples
salt-projectselinux

How to enforce a state only if a minon has SELinux installed?

I have code that installs a custom selinux module. In my fleet of minions there's Fedora-based systems (with SELinux installed) and Debian-based ones (without SELinux ). On the latter the module/installing state should not be used and I am thus looking for a way of retrieving a neat answer to the question "is SELinux installed on this system?" (NOT "is SELinux enforcing on this system?") to use in a corresponding jinja2 if clause.

Attempts that have me despairing are:

  • there appears to be no state in Salt querying whether a given binary is on the $PATH - checking for sestatus is what I was after here.
  • salt.states.selinux is not available on systems devoid of SELinux, so its functionality does not help.
  • I could not find any Salt functionality to query for the local availability of something like salt.states.selinux (see above) either.
  • Something like 
    - unless: - rpm -q libselinux
    (from this answer) also does not work, as rpm is Fedora specific...
  • Checking for absence of /etc/selinux also is not an option, as the Debian systems actually have that.

Any hint on how to go about this is appreciated.

Solution

  • Following this hint, I ended up doing:

    {% if salt['pkg.version']('libselinux') %}
...
{% endif %}

    Not what I would call neat and using somewhat convoluted logic, but it appears to do the trick.