tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixed selinux errors if policycoreutils is not installed.

Browse source
This commit is contained in:
Timo Mkinen 2011-11-15 14:12:05 +02:00
parent 8e386aba9a
commit 0b58c97c1f
1 changed files with 38 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
selinux/manifests/init.pp
View file

@ -63,8 +63,35 @@ class selinux {
require => File["/etc/selinux/config"],
}
include selinux::tools
}
# Install tools for managing SELinux
#
class selinux::tools {
case $operatingsystem {
"fedora": { $package = "policycoreutils-python" }
"centos": {
case $operatingsystemrelease {
/^6/: { $package = "policycoreutils-python" }
default: { $package = "policycoreutils" }
}
}
default: {
fail("selinux::tools not supported on ${operatingsystem}")
}
}
package { $package:
ensure => installed,
}
}
# Set SELinux boolean value
#
# === Parameters
@ -109,10 +136,13 @@ define selinux::boolean($value) {
#
define selinux::manage_fcontext($type, $recurse = true) {
include selinux::tools
exec { "semanage fcontext -a -t '${type}' '${name}'":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
unless => "matchpathcon `echo '${name}' | sed -e 's/(.*$//'` | egrep -q ':${type}(:s[0-9]*)?$'",
notify => Exec["restorecon ${name}"],
path => "/bin:/usr/bin:/sbin:/usr/sbin",
unless => "matchpathcon `echo '${name}' | sed -e 's/(.*$//'` | egrep -q ':${type}(:s[0-9]*)?$'",
notify => Exec["restorecon ${name}"],
require => Class["selinux::tools"],
}
if $recurse {
@ -150,9 +180,12 @@ define selinux::manage_fcontext($type, $recurse = true) {
#
define selinux::manage_port($type, $proto) {
include selinux::tools
exec { "semanage port -a -t ${type} -p ${proto} ${name}":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
unless => "semanage port -ln | egrep '^${type}[ ]*${proto}' | egrep ' ${name}(,.*)?\$'",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
unless => "semanage port -ln | egrep '^${type}[ ]*${proto}' | egrep ' ${name}(,.*)?\$'",
require => Class["selinux::tools"],
}
}