Fixed selinux errors if policycoreutils is not installed.

selinux/manifests/init.pp

@@ -63,8 +63,35 @@ class selinux {
         require => File["/etc/selinux/config"],
     }
     
+    include selinux::tools
+
 }
 
+
+# Install tools for managing SELinux
+#
+class selinux::tools {
+
+    case $operatingsystem {
+        "fedora": { $package = "policycoreutils-python" }
+        "centos": {
+            case $operatingsystemrelease {
+                /^6/: { $package = "policycoreutils-python" }
+                default: { $package = "policycoreutils" }
+            }
+        }
+        default: {
+            fail("selinux::tools not supported on ${operatingsystem}")
+        }
+    }
+
+    package { $package:
+        ensure => installed,
+    }
+
+}
+
+
 # Set SELinux boolean value
 #
 # === Parameters
@@ -109,10 +136,13 @@ define selinux::boolean($value) {
 #
 define selinux::manage_fcontext($type, $recurse = true) {
 
+    include selinux::tools
+
     exec { "semanage fcontext -a -t '${type}' '${name}'":
         path    => "/bin:/usr/bin:/sbin:/usr/sbin",
         unless  => "matchpathcon `echo '${name}' | sed -e 's/(.*$//'` | egrep -q ':${type}(:s[0-9]*)?$'",
         notify  => Exec["restorecon ${name}"],
+        require => Class["selinux::tools"],
     }
 
     if $recurse {
@@ -150,9 +180,12 @@ define selinux::manage_fcontext($type, $recurse = true) {
 #
 define selinux::manage_port($type, $proto) {
 
+    include selinux::tools
+
     exec { "semanage port -a -t ${type} -p ${proto} ${name}":
         path    => "/bin:/usr/bin:/sbin:/usr/sbin",
         unless  => "semanage port -ln | egrep '^${type}[ ]*${proto}' | egrep ' ${name}(,.*)?\$'",
+        require => Class["selinux::tools"],
     }
 
 }