8 files changed, 39 insertions, 14 deletions

diff --git a/src/lib/Bcfg2/Client/Tools/APT.py b/src/lib/Bcfg2/Client/Tools/APT.py
index abc76ef1c..9b3dded99 100644
--- a/src/lib/Bcfg2/Client/Tools/APT.py
+++ b/src/lib/Bcfg2/Client/Tools/APT.py
@@ -236,7 +236,7 @@ class APT(Bcfg2.Client.Tools.Tool):
             self.logger.error("Cannot find correct versions of packages:")
             self.logger.error(bad_pkgs)
         if not ipkgs:
-            return
+            return dict()
         if not self.cmd.run(self.pkgcmd % (" ".join(ipkgs))):
             self.logger.error("APT command failed")
         self.pkg_cache = apt.cache.Cache()
diff --git a/src/lib/Bcfg2/Client/Tools/POSIX/__init__.py b/src/lib/Bcfg2/Client/Tools/POSIX/__init__.py
index c27c7559d..41bff751d 100644
--- a/src/lib/Bcfg2/Client/Tools/POSIX/__init__.py
+++ b/src/lib/Bcfg2/Client/Tools/POSIX/__init__.py
@@ -14,7 +14,7 @@ from Bcfg2.Client.Tools.POSIX.base import POSIXTool
 class POSIX(Bcfg2.Client.Tools.Tool):
     """POSIX File support code."""
 
-    options = Bcfg2.Client.Tools.Tool.options + [
+    options = Bcfg2.Client.Tools.Tool.options + POSIXTool.options + [
         Bcfg2.Options.PathOption(
             cf=('paranoid', 'path'), default='/var/cache/bcfg2',
             dest='paranoid_path',
diff --git a/src/lib/Bcfg2/Client/Tools/POSIX/base.py b/src/lib/Bcfg2/Client/Tools/POSIX/base.py
index 488920989..89675af02 100644
--- a/src/lib/Bcfg2/Client/Tools/POSIX/base.py
+++ b/src/lib/Bcfg2/Client/Tools/POSIX/base.py
@@ -303,7 +303,7 @@ class POSIXTool(Bcfg2.Client.Tools.Tool):
             # no context listed
             return True
         secontext = selinux.lgetfilecon(path)[1].split(":")[2]
-        if secontext in Bcfg2.Options.setup.posix_secontext_ignore:
+        if secontext in Bcfg2.Options.setup.secontext_ignore:
             return True
         try:
             if context == '__default__':
@@ -562,8 +562,8 @@ class POSIXTool(Bcfg2.Client.Tools.Tool):
                 except OSError:
                     errors.append("%s has no default SELinux context" %
                                   entry.get("name"))
-            else:
-                wanted_secontext = entry.get("secontext")
+            elif entry.get("secontext"):
+                wanted_secontext = entry.get("secontext").split(":")[2]
             if (wanted_secontext and
                     attrib['current_secontext'] != wanted_secontext):
                 errors.append("SELinux context for path %s is incorrect. "
diff --git a/src/lib/Bcfg2/Client/Tools/Pkgng.py b/src/lib/Bcfg2/Client/Tools/Pkgng.py
index eef86a131..025bc59be 100644
--- a/src/lib/Bcfg2/Client/Tools/Pkgng.py
+++ b/src/lib/Bcfg2/Client/Tools/Pkgng.py
@@ -205,7 +205,7 @@ class Pkgng(Bcfg2.Client.Tools.Tool):
             self.logger.error("Cannot find correct versions of packages:")
             self.logger.error(bad_pkgs)
         if not ipkgs:
-            return
+            return dict()
         if not self.cmd.run(self.pkgcmd % (" ".join(ipkgs))):
             self.logger.error("pkg command failed")
         self._load_pkg_cache()
diff --git a/src/lib/Bcfg2/Client/Tools/RPM.py b/src/lib/Bcfg2/Client/Tools/RPM.py
index 464b7e389..6b379918a 100644
--- a/src/lib/Bcfg2/Client/Tools/RPM.py
+++ b/src/lib/Bcfg2/Client/Tools/RPM.py
@@ -1185,7 +1185,7 @@ class RPM(Bcfg2.Client.Tools.PkgTool):
         self.logger.debug('%s: pkg_verify = %s' %
                           (self.name, Bcfg2.Options.setup.rpm_pkg_verify))
         self.logger.debug('%s: install_missing = %s' %
-                          (self.name, Bcfg2.Options.setup.install_missing))
+                          (self.name, Bcfg2.Options.setup.rpm_install_missing))
         self.logger.debug('%s: fix_version = %s' %
                           (self.name, Bcfg2.Options.setup.rpm_fix_version))
         self.logger.debug('%s: reinstall_broken = %s' %
diff --git a/testsuite/Testsrc/Testlib/TestClient/TestTools/TestPOSIX/Testbase.py b/testsuite/Testsrc/Testlib/TestClient/TestTools/TestPOSIX/Testbase.py
index ea4ca3f5f..bbe04a1a3 100644
--- a/testsuite/Testsrc/Testlib/TestClient/TestTools/TestPOSIX/Testbase.py
+++ b/testsuite/Testsrc/Testlib/TestClient/TestTools/TestPOSIX/Testbase.py
@@ -481,11 +481,16 @@ class TestPOSIXTool(TestTool):
 
     @skipUnless(HAS_SELINUX, "SELinux not found, skipping")
     @patchIf(HAS_SELINUX, "selinux.restorecon")
+    @patchIf(HAS_SELINUX, "selinux.lgetfilecon")
     @patchIf(HAS_SELINUX, "selinux.lsetfilecon")
-    def test_set_secontext(self, mock_lsetfilecon, mock_restorecon):
+    def test_set_secontext(self, mock_lsetfilecon, mock_lgetfilecon,
+                           mock_restorecon):
+        Bcfg2.Options.setup.secontext_ignore = ['dosfs_t']
         ptool = self.get_obj()
         entry = lxml.etree.Element("Path", name="/etc/foo", type="file")
 
+        mock_lgetfilecon.return_value = (0, "system_u:object_r:foo_t")
+
         # disable selinux for the initial test
         Bcfg2.Client.Tools.POSIX.base.HAS_SELINUX = False
         self.assertTrue(ptool._set_secontext(entry))
@@ -495,29 +500,46 @@ class TestPOSIXTool(TestTool):
         self.assertTrue(ptool._set_secontext(entry))
         self.assertFalse(mock_restorecon.called)
         self.assertFalse(mock_lsetfilecon.called)
+        self.assertFalse(mock_lgetfilecon.called)
 
         mock_restorecon.reset_mock()
         mock_lsetfilecon.reset_mock()
+        mock_lgetfilecon.reset_mock()
         entry.set("secontext", "__default__")
         self.assertTrue(ptool._set_secontext(entry))
         mock_restorecon.assert_called_with(entry.get("name"))
+        mock_lgetfilecon.assert_called_once_with(entry.get("name"))
         self.assertFalse(mock_lsetfilecon.called)
 
         mock_restorecon.reset_mock()
         mock_lsetfilecon.reset_mock()
+        mock_lgetfilecon.reset_mock()
         mock_lsetfilecon.return_value = 0
         entry.set("secontext", "foo_t")
         self.assertTrue(ptool._set_secontext(entry))
         self.assertFalse(mock_restorecon.called)
+        mock_lgetfilecon.assert_called_once_with(entry.get("name"))
         mock_lsetfilecon.assert_called_with(entry.get("name"), "foo_t")
 
         mock_restorecon.reset_mock()
         mock_lsetfilecon.reset_mock()
+        mock_lgetfilecon.reset_mock()
         mock_lsetfilecon.return_value = 1
         self.assertFalse(ptool._set_secontext(entry))
         self.assertFalse(mock_restorecon.called)
+        mock_lgetfilecon.assert_called_once_with(entry.get("name"))
         mock_lsetfilecon.assert_called_with(entry.get("name"), "foo_t")
 
+        # ignored filesystem
+        mock_restorecon.reset_mock()
+        mock_lsetfilecon.reset_mock()
+        mock_lgetfilecon.reset_mock()
+        mock_lgetfilecon.return_value = (0, "system_u:object_r:dosfs_t")
+        self.assertTrue(ptool._set_secontext(entry))
+        self.assertFalse(mock_restorecon.called)
+        self.assertFalse(mock_lsetfilecon.called)
+        mock_lgetfilecon.assert_called_once_with(entry.get("name"))
+
     @patch("grp.getgrnam")
     def test_norm_gid(self, mock_getgrnam):
         ptool = self.get_obj()
@@ -686,7 +708,7 @@ class TestPOSIXTool(TestTool):
         ptool._gather_data = Mock()
         entry = lxml.etree.Element("Path", name="/test", type="file",
                                    group="group", owner="user", mode="664",
-                                   secontext='etc_t')
+                                   secontext='unconfined_u:object_r:etc_t:s0')
         # _verify_metadata() mutates the entry, so we keep a backup so we
         # can start fresh every time
         orig_entry = copy.deepcopy(entry)
diff --git a/testsuite/Testsrc/Testlib/TestClient/TestTools/TestPOSIXUsers.py b/testsuite/Testsrc/Testlib/TestClient/TestTools/TestPOSIXUsers.py
index cc1ea6fd7..08c20981d 100644
--- a/testsuite/Testsrc/Testlib/TestClient/TestTools/TestPOSIXUsers.py
+++ b/testsuite/Testsrc/Testlib/TestClient/TestTools/TestPOSIXUsers.py
@@ -103,26 +103,26 @@ class TestPOSIXUsers(TestTool):
         # test failure of inherited method
         entry = lxml.etree.Element("POSIXUser", name="test")
         self.assertFalse(users.canInstall(entry))
-        mock_canInstall.assertCalledWith(users, entry)
+        mock_canInstall.assert_called_with(users, entry)
 
         # test with no uid specified
         reset()
         mock_canInstall.return_value = True
         self.assertTrue(users.canInstall(entry))
-        mock_canInstall.assertCalledWith(users, entry)
+        mock_canInstall.assert_called_with(users, entry)
 
         # test with uid specified, not in managed range
         reset()
         entry.set("uid", "1000")
         self.assertFalse(users.canInstall(entry))
-        mock_canInstall.assertCalledWith(users, entry)
+        mock_canInstall.assert_called_with(users, entry)
         users._in_managed_range.assert_called_with(entry.tag, "1000")
 
         # test with uid specified, in managed range
         reset()
         users._in_managed_range.return_value = True
         self.assertTrue(users.canInstall(entry))
-        mock_canInstall.assertCalledWith(users, entry)
+        mock_canInstall.assert_called_with(users, entry)
         users._in_managed_range.assert_called_with(entry.tag, "1000")
 
     @patch("Bcfg2.Client.Tools.Tool.Inventory")
diff --git a/testsuite/common.py b/testsuite/common.py
index 9f51cc14f..396f1887b 100644
--- a/testsuite/common.py
+++ b/testsuite/common.py
@@ -15,7 +15,10 @@ import codecs
 import lxml.etree
 import Bcfg2.Options
 import Bcfg2.Utils
-from mock import patch, MagicMock, _patch, DEFAULT
+try:
+    from mock.mock import patch, MagicMock, _patch, DEFAULT
+except ImportError:
+    from mock import patch, MagicMock, _patch, DEFAULT
 try:
     from unittest2 import skip, skipIf, skipUnless, TestCase
 except ImportError: