From b2c0187500b83c578e162b3901a89dbf67de55e4 Mon Sep 17 00:00:00 2001
From: Urs Roesch <github@bun.ch>
Date: Thu, 27 Aug 2015 22:41:54 +0200
Subject: [PATCH] selinux: adding new matcher with_policy

---
 lib/serverspec/matcher.rb               |  4 ++++
 lib/serverspec/matcher/be_enforcing.rb  | 10 ++++++++++
 lib/serverspec/matcher/be_permissive.rb | 10 ++++++++++
 lib/serverspec/type/selinux.rb          |  8 ++++----
 4 files changed, 28 insertions(+), 4 deletions(-)
 create mode 100644 lib/serverspec/matcher/be_enforcing.rb
 create mode 100644 lib/serverspec/matcher/be_permissive.rb

diff --git a/lib/serverspec/matcher.rb b/lib/serverspec/matcher.rb
index 5aa695d0..f04e0cbf 100644
--- a/lib/serverspec/matcher.rb
+++ b/lib/serverspec/matcher.rb
@@ -15,6 +15,10 @@
 # package
 require 'serverspec/matcher/be_installed'
 
+# selinux
+require 'serverspec/matcher/be_enforcing'
+require 'serverspec/matcher/be_permissive'
+
 # service
 require 'serverspec/matcher/be_enabled'
 require 'serverspec/matcher/be_running'
diff --git a/lib/serverspec/matcher/be_enforcing.rb b/lib/serverspec/matcher/be_enforcing.rb
new file mode 100644
index 00000000..38329418
--- /dev/null
+++ b/lib/serverspec/matcher/be_enforcing.rb
@@ -0,0 +1,10 @@
+RSpec::Matchers.define :be_enforcing do
+  match do |selinux|
+    selinux.enforcing?(@with_policy)
+  end
+
+  chain :with_policy do |with_policy|
+    @with_policy = with_policy
+  end
+
+end
diff --git a/lib/serverspec/matcher/be_permissive.rb b/lib/serverspec/matcher/be_permissive.rb
new file mode 100644
index 00000000..d2a5d167
--- /dev/null
+++ b/lib/serverspec/matcher/be_permissive.rb
@@ -0,0 +1,10 @@
+RSpec::Matchers.define :be_permissive do
+  match do |selinux|
+    selinux.permissive?(@with_policy)
+  end
+
+  chain :with_policy do |with_policy|
+    @with_policy = with_policy
+  end
+
+end
diff --git a/lib/serverspec/type/selinux.rb b/lib/serverspec/type/selinux.rb
index c7959180..4e19756d 100644
--- a/lib/serverspec/type/selinux.rb
+++ b/lib/serverspec/type/selinux.rb
@@ -4,12 +4,12 @@ def disabled?
       @runner.check_selinux_has_mode('disabled')
     end
 
-    def enforcing?
-      @runner.check_selinux_has_mode('enforcing')
+    def enforcing?(with_policy)
+      @runner.check_selinux_has_mode('enforcing', with_policy)
     end
 
-    def permissive?
-      @runner.check_selinux_has_mode('permissive')
+    def permissive?(with_policy)
+      @runner.check_selinux_has_mode('permissive', with_policy)
     end
 
     def to_s