Review comments fixed

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

lib/inspec/resources/selinux.rb

@@ -21,16 +21,13 @@ module Inspec::Resources
       cmd = inspec.command("sestatus")
 
       if cmd.exit_status != 0
-        return skip_resource "#{cmd.stderr}"
+        # `sestatus` command not found error message comes in stdout so handling both here
+        out = cmd.stdout + "\n" + cmd.stderr
+        return skip_resource "Skipping resource: #{out}"
       end
 
       result = cmd.stdout.delete(" ").gsub(/\n/, ",").gsub(/\r/, "").downcase
       @data = Hash[result.scan(/([^:]+):([^,]+)[,$]/)]
-
-      return if inspec.os.linux?
-
-      @data = []
-      skip_resource "The 'selinux' resource is not supported non linux OS."
     end
 
     def installed?
@@ -38,15 +35,15 @@ module Inspec::Resources
     end
 
     def disabled?
-      @data["selinuxstatus"] == "disabled" unless @data.empty?
+      @data["selinuxstatus"] == "disabled"
     end
 
     def enforcing?
-      @data["currentmode"] == "enforcing" unless @data.empty?
+      @data["currentmode"] == "enforcing"
     end
 
     def permissive?
-      @data["currentmode"] == "permissive" unless @data.empty?
+      @data["currentmode"] == "permissive"
     end
 
     def to_s

test/fixtures/files/selinux_conf

@@ -0,0 +1,11 @@
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+#     enforcing - SELinux security policy is enforced.
+#     permissive - SELinux prints warnings instead of enforcing.
+#     disabled - No SELinux policy is loaded.
+SELINUX=enforcing
+# SELINUXTYPE= can take one of three values:
+#     targeted - Targeted processes are protected,
+#     minimum - Modification of targeted policy. Only selected processes are protected.
+#     mls - Multi Level Security protection.
+SELINUXTYPE=targeted

test/helpers/mock_loader.rb

@@ -171,6 +171,7 @@ class MockLoader
       "/etc/cron.d/crondotd" => mockfile.call("crondotd"),
       "/etc/postfix/main.cf" => mockfile.call("main.cf"),
       "/etc/postfix/other.cf" => mockfile.call("other.cf"),
+      "/etc/selinux/selinux_conf" => mockfile.call("selinux_conf"),
     }
 
     # create all mock commands
@@ -559,6 +560,12 @@ class MockLoader
       "sestatus" => cmd.call("sestatus"),
     }
 
+    if @platform && (@platform[:name] == "windows" || @platform[:name] == "freebsd")
+      mock_cmds.merge!(
+          "sestatus" => empty.call
+        )
+    end
+
     # ports on linux
     # allow the ss and/or netstat commands to exist so the later mock is called
     if @platform && @platform[:name] == "alpine"

test/unit/resources/selinux_test.rb

@@ -3,6 +3,11 @@ require "inspec/resource"
 require "inspec/resources/selinux"
 
 describe "Inspec::Resources::Selinux" do
+  it "verify selinux is installed" do
+    resource = load_resource("selinux", "/etc/selinux/selinux_conf")
+    _(resource.installed?).must_equal true
+  end
+
   it "verify selinux state - enforcing" do
     resource = load_resource("selinux")
     _(resource.enforcing?).must_equal true
@@ -27,11 +32,13 @@ describe "Inspec::Resources::Selinux" do
 
   it "verify selinux on windows" do
     resource = MockLoader.new(:windows).load_resource("selinux")
-    _(resource.enforcing?).must_be_nil
+    _(resource.installed?).must_equal false
+    _(resource.enforcing?).must_equal false
   end
 
   it "verify selinux on freebsd" do
     resource = MockLoader.new(:freebsd12).load_resource("selinux")
-    _(resource.enforcing?).must_be_nil
+    _(resource.installed?).must_equal false
+    _(resource.enforcing?).must_equal false
   end
 end