From a54d0e444ee7f4bde6a72e7c2b68d755f3f627c0 Mon Sep 17 00:00:00 2001
From: Andreas Perhab
Date: Mon, 12 Jul 2021 09:53:58 +0200
Subject: [PATCH] enable starting autoheal privileged for SELinux
---
 tests/healthcheck.yaml | 1 +
 tests/test_healtcheck.py | 20 ++++++++++++++++----
 2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/tests/healthcheck.yaml b/tests/healthcheck.yaml
index 6f38e7c..0552a6c 100644
--- a/tests/healthcheck.yaml
+++ b/tests/healthcheck.yaml
@@ -6,6 +6,7 @@ services:
 environment:
 AUTOHEAL_INTERVAL: 1
 AUTOHEAL_CONTAINER_LABEL: "AUTOHEAL_${COMPOSE_PROJECT_NAME}"
+ privileged: "${OS_NEEDS_PRIVILEGES_FOR_DOCKER_SOCK:-false}"
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock
diff --git a/tests/test_healtcheck.py b/tests/test_healtcheck.py
index d3a9e01..fe64d18 100644
--- a/tests/test_healtcheck.py
+++ b/tests/test_healtcheck.py
@@ -6,8 +6,8 @@ import plumbum.commands.processes
 import pytest
-from plumbum import local
-from plumbum.cmd import docker, docker_compose
+from plumbum import local, TF
+from plumbum.cmd import docker, docker_compose, which
 HEALTHCHECK_YAML = os.path.abspath("tests/healthcheck.yaml")
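Review bot: The added `privileged:` line in tests/healthcheck.yaml switches on full privileged mode for a container that already has `/var/run/docker.sock` mounted, which is far broader than the SELinux exemption the commit title asks for: it also grants all capabilities and host device access and drops the default seccomp/AppArmor confinement. If the only obstacle is the SELinux label on the socket, `security_opt: ["label=disable"]` on the autoheal service lifts just that confinement, and since it should have no effect on hosts without SELinux it would not need the `OS_NEEDS_PRIVILEGES_FOR_DOCKER_SOCK` switch. If `privileged` stays, a comment such as `# test-only: privileged works around SELinux denying access to docker.sock; do not copy into production compose files` would keep the setting from being carried into real deployments.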
@@ -70,13 +70,25 @@ def _sha256(text):
 return hashlib.sha256(str(text).encode("utf-8")).hexdigest()
+@pytest.fixture(scope="session")
+def os_needs_privileges():
+ if which["getenforce"] & TF:
+ # if we can find getenforce on the current system, SELinux is probably installed and we need to start
+ # autoheal with privileges
+ return "true"
+ return "false"
+
+
 @pytest.fixture(scope="function", autouse=True)
-def _cleanup_docker_compose(tmp_path):
+def _cleanup_docker_compose(tmp_path, os_needs_privileges):
 with local.cwd(tmp_path):
 custom_compose_project_name = "{}_{}".format(
 os.path.basename(tmp_path), _sha256(tmp_path)[:6]
 )
- with local.env(COMPOSE_PROJECT_NAME=custom_compose_project_name) as env:
+ with local.env(
+ COMPOSE_PROJECT_NAME=custom_compose_project_name,
+ OS_NEEDS_PRIVILEGES_FOR_DOCKER_SOCK=os_needs_privileges,
+ ) as env:
 yield env
 # stop autoheal first to prevent it from restarting containers to be stopped
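Review bot: `os_needs_privileges` decides on whether a `getenforce` binary can be found, not on what it reports, so a host with SELinux installed but set to Permissive or Disabled still runs the autoheal test container privileged. Running the command and returning "true" only for `Enforcing` keeps the privileged path to hosts that actually need it, and a docstring should say that the fixture returns the strings "true"/"false" because the value travels through the environment into healthcheck.yaml. The sketch below relies on `plumbum.commands.processes.CommandNotFound`, which the module's existing `import plumbum.commands.processes` should already make reachable; with it the `which` and `TF` imports added in the first hunk are no longer needed. `_cleanup_docker_compose` continues past the end of this hunk.

```python
@pytest.fixture(scope="session")
def os_needs_privileges():
    """Return "true" when SELinux is enforcing on the test host, else "false"."""
    try:
        selinux_mode = local["getenforce"]().strip()
    except plumbum.commands.processes.CommandNotFound:
        # no getenforce binary: SELinux tooling is not installed on this host
        return "false"
    return "true" if selinux_mode == "Enforcing" else "false"
```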