From 9d259d4fa7ed63a0e289031678bbc3f60a30a5a7 Mon Sep 17 00:00:00 2001 From: Nick Metz Date: Wed, 21 Nov 2018 10:37:14 +0100 Subject: [PATCH 1/2] This is fix for #182 - Dependency problem in linux/system/selinux.sls. - This change will remove dependecy from linux/system/repo.sls in linux/system/selinux.sls. - It also change structure from pillars selinux old: linux: system: ... selinux: permissive new: linux: system: ... selinux: pkgs: ['policycoreutils', 'policycoreutils-python'], mode: permissive --- linux/map.jinja | 20 +++++++++++++++----- linux/system/selinux.sls | 17 +++++++++-------- 2 files changed, 24 insertions(+), 13 deletions(-) diff --git a/linux/map.jinja b/linux/map.jinja index da37a63e..c6457a8c 100644 --- a/linux/map.jinja +++ b/linux/map.jinja @@ -15,8 +15,11 @@ 'package': {}, 'autoupdates': { 'pkgs': [] - }, - 'selinux': 'permissive', + }, + 'selinux': { + 'pkgs': [], + 'mode': 'permissive', + }, 'ca_certs_dir': '/usr/local/share/ca-certificates', 'ca_certs_bin': 'update-ca-certificates', 'atop': { @@ -25,7 +28,7 @@ 'autostart': true, 'logpath': '/var/log/atop', 'outfile': '/var/log/atop/daily.log' - }, + }, 'at': { 'pkgs': [], 'services': [] @@ -52,7 +55,10 @@ 'autoupdates': { 'pkgs': ['unattended-upgrades'] }, - 'selinux': 'permissive', + 'selinux': { + 'pkgs': [], + 'mode': 'permissive', + }, 'ca_certs_dir': '/usr/local/share/ca-certificates', 'ca_certs_bin': 'update-ca-certificates', 'atop': { @@ -90,7 +96,10 @@ 'autoupdates': { 'pkgs': [] }, - 'selinux': 'permissive', + 'selinux': { + 'pkgs': ['policycoreutils','policycoreutils-python'], + 'mode': 'permissive', + }, 'ca_certs_dir': '/etc/pki/ca-trust/source/anchors', 'ca_certs_bin': 'update-ca-trust extract', 'atop': { @@ -381,6 +390,7 @@ Debian: 'pkgs': [], 'service': 'multipath' }, + 'lvm_pkgs': ['lvm2'], }, }, merge=salt['grains.filter_by']({ 'trusty': { diff --git a/linux/system/selinux.sls b/linux/system/selinux.sls index 245cc8d0..fa82bdd4 100644 --- a/linux/system/selinux.sls 
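Review bot: The `'mode': 'permissive'` default in the new `'selinux'` maps (hunks at -15, -52 and -90 of linux/map.jinja) is undocumented, and a pillar that sets only `selinux: pkgs:` would presumably inherit it once the defaults are merged. On a RedHat host that is currently enforcing, applying linux/system/selinux.sls would then relax SELinux to permissive without the pillar ever naming a mode. The merge call is outside these hunks, so this is inferred from the defaults alone. Consider leaving `'mode'` out of the defaults and rendering the mode state only when the pillar sets it, or state the default explicitly in the formula's pillar documentation.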
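Review bot: The `'lvm_pkgs': ['lvm2'],` entry added in the hunk at -381 of linux/map.jinja is not mentioned in the commit message and has no visible connection to the SELinux dependency fix. Nothing in this patch reads `lvm_pkgs`, so it is either a stray change or belongs to separate work. It would be cleaner in its own commit, with the state that consumes it.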
+++ b/linux/system/selinux.sls @@ -1,18 +1,19 @@ {%- from "linux/map.jinja" import system with context %} {%- if system.selinux is defined %} -include: -- linux.system.repo + {% if system.selinux.pkgs %} +linux_system_selinux_pkgs: + pkg.installed: + - pkgs: {{ system.selinux.pkgs }} + {%- endif %} -{%- if grains.os_family == 'RedHat' %} - {%- set mode = system.selinux %} + {%- if grains.os_family == 'RedHat' %} -{{ mode }}: +{{ system.selinux.mode }}: selinux.mode: - require: - - pkg: linux_repo_prereq_pkgs - -{%- endif %} + - pkg: linux_system_selinux_pkgs + {%- endif %} {%- endif %} From a8dee645185295cf5361604bc98e094dd9d22dfc Mon Sep 17 00:00:00 2001 From: Nick Metz Date: Thu, 22 Nov 2018 16:06:58 +0100 Subject: [PATCH 2/2] This is fix for #182 part 2. Add backward compatibility. - We will check now if pillar system.selinux is a map for new format - If system.selinux is not a map use old format - policycoreutils and policycoreutils-python are not nessasary for basic selinux configuration we need this packages later to add selinux rules. - Added new format to test pillars --- linux/map.jinja | 2 +- linux/system/selinux.sls | 14 ++++++++++++-- tests/pillar/system.sls | 3 ++- 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/linux/map.jinja b/linux/map.jinja index c6457a8c..0f0a44ac 100644 --- a/linux/map.jinja +++ b/linux/map.jinja @@ -80,7 +80,7 @@ }, }, 'RedHat': { - 'pkgs': ['policycoreutils', 'policycoreutils-python', 'telnet', 'wget'], + 'pkgs': ['telnet', 'wget'], 'utc': true, 'user': {}, 'group': {}, diff --git a/linux/system/selinux.sls b/linux/system/selinux.sls index fa82bdd4..0ccfab08 100644 --- a/linux/system/selinux.sls +++ b/linux/system/selinux.sls @@ -1,5 +1,8 @@ {%- from "linux/map.jinja" import system with context %} {%- if system.selinux is defined %} +{%- if grains.os_family == 'RedHat' %} + +{% if system.selinux is mapping %} {% if system.selinux.pkgs %} linux_system_selinux_pkgs: 
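Review bot: In the first patch's hunk for linux/system/selinux.sls, `- require:` / `- pkg: linux_system_selinux_pkgs` is rendered for every RedHat host, but the `linux_system_selinux_pkgs` state only exists when `system.selinux.pkgs` is non-empty. With a pillar that sets `pkgs: []`, Salt cannot find the requisite and the `selinux.mode` state fails instead of applying. The same unconditional require is kept in the second patch's hunk at -7,13. Wrap the two require lines in `{%- if system.selinux.pkgs %}` and `{%- endif %}` so the requisite is emitted only together with the package state.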
@@ -7,13 +10,20 @@ linux_system_selinux_pkgs: - pkgs: {{ system.selinux.pkgs }} {%- endif %} - {%- if grains.os_family == 'RedHat' %} - + {%- if system.selinux.mode %} {{ system.selinux.mode }}: selinux.mode: - require: - pkg: linux_system_selinux_pkgs + {%- endif %} + + {%- else %} + +{{ system.selinux }}: + selinux.mode {%- endif %} + +{%- endif %} {%- endif %} diff --git a/tests/pillar/system.sls b/tests/pillar/system.sls index 825b04b1..f0385b96 100644 --- a/tests/pillar/system.sls +++ b/tests/pillar/system.sls @@ -24,7 +24,8 @@ linux: domain: ci.local environment: prd purge_repos: true - selinux: permissive + selinux: + mode: permissive directory: /tmp/test: makedirs: true
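Review bot: The `{%- else %}` branch in the hunk at -7,13 renders `{{ system.selinux }}` as a state ID for any value that is not a mapping, so a boolean, a list or an empty value in the pillar would yield a malformed or meaningless `selinux.mode` state rather than being skipped. Restrict the branch to the legacy format with `{%- elif system.selinux is string %}` in place of `{%- else %}`. The enclosing `if` blocks open in the previous hunk, so the nesting should be checked against the full file.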
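Review bot: Replacing `selinux: permissive` with the `mode:` form in tests/pillar/system.sls leaves the legacy string format without a test pillar, although the backward-compatible branch for it is added in this same patch. Unless another test pillar outside this diff still uses the old form, that branch is never rendered in CI. Keeping one pillar with `selinux: permissive` alongside the new `selinux:` / `mode: permissive` would exercise both paths.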