[COOK-4218] Support setting SELinux boolean values

Signed-off-by: Sean OMeara <someara@opscode.com>

Author: elliotkendallUCSF

README.md

@@ -19,6 +19,10 @@ Node Attributes
   The state to set  by default, to match the default SELinux state on
   RHEL. Can be "enforcing", "permissive", "disabled"
 
+* `node['selinux']['booleans']` - A hash of SELinux boolean names and the
+  values they should be set to. Values can be off, false, or 0 to disable;
+  or on, true, or 1 to enable.
+
 Resources/Providers
 ===================
 

attributes/default.rb

@@ -1 +1,2 @@
 default['selinux']['state'] = 'enforcing'
+default['selinux']['booleans'] = {}

libraries/selinux_service_helpers.rb

@@ -0,0 +1,13 @@
+module SELinuxServiceHelpers
+  def self.selinux_bool(bool)
+    if ['on', 'true', '1'].include? bool
+      'on'
+    elsif ['off', 'false', '0'].include? bool
+      'off'
+    else
+      Chef::Log.warn "Not a valid boolean value: #{bool}"
+      nil
+    end
+  end
+end
+    

recipes/default.rb

@@ -20,3 +20,13 @@
   action node['selinux']['state'].downcase.to_sym
 end
 
+node['selinux']['booleans'].each do |boolean, value|
+  value = SELinuxServiceHelpers.selinux_bool(value)
+  unless value.nil?
+    script "boolean_#{boolean}" do
+      interpreter "bash"
+      code "setsebool -P #{boolean} #{value}"
+      not_if "getsebool #{boolean} |egrep -q \" #{value}\"$"
+    end
+  end
+end