I have code that installs a custom selinux
module. In my fleet of minions there's Fedora-based systems (with SELinux installed) and Debian-based ones (without SELinux ). On the latter the module/installing state should not be used and I am thus looking for a way of retrieving a neat answer to the question "is SELinux installed on this system?" (NOT "is SELinux enforcing on this system?") to use in a corresponding jinja2
if
clause.
Attempts that have me despairing are:
$PATH
- checking for sestatus
is what I was after here.salt.states.selinux
is not available on systems devoid of SELinux, so its functionality does not help.salt.states.selinux
(see above) either.- unless: - rpm -q libselinux
(from this answer) also does not work, as rpm
is Fedora specific...Any hint on how to go about this is appreciated.
If selinux is installed, then a grain is available:
{% if 'selinux' in grains %}
# stuff that's only included if selinux is available
{% endif %}
You can also use that grain for minion targeting:
base:
'selinux:*':
- match: grain
- my_states.for_selinux_only
In general, you can also check whether a module has been loaded:
{% if 'selinux.getconfig' in salt %}
Whether an executable is on the PATH:
{% if 'sestatus' | which %}
Whether a package is installed (which also works in an onlyif
parameter):
{% if salt['pkg.version']('libselinux') %}