diff --git a/puppet/manifests/init.pp b/puppet/manifests/init.pp
index 6b2b794..8c06c7b 100644
--- a/puppet/manifests/init.pp
+++ b/puppet/manifests/init.pp
@@ -255,11 +255,13 @@ class puppet::server::common inherits puppet::client {
 "openbsd" => "wheel",
 default => "root",
 },
+ seltype => "var_lib_t",
 require => Package["puppetmaster"],
 }
 file { "/srv/puppet":
 ensure => link,
 target => "${puppet_datadir}",
+ seltype => "var_lib_t",
 require => File["${puppet_datadir}"],
 }
 } else {
@@ -271,16 +273,31 @@ class puppet::server::common inherits puppet::client {
 "openbsd" => "wheel",
 default => "root",
 },
+ seltype => "var_lib_t",
 require => Package["puppetmaster"],
 }
 }
+ if "${selinux}" == "true" {
+ selinux::manage_fcontext { "/srv/puppet(/.*)?":
+ type => "var_lib_t",
+ before => File["/srv/puppet"]
+ }
+ if $puppet_datadir {
+ selinux::manage_fcontext { "${puppet_datadir}(/.*)?":
+ type => "var_lib_t",
+ before => File[$puppet_datadir],
+ }
+ }
+ }
+ if $puppet_storeconfigs != "none" {
 file { "/srv/puppet/storeconfigs":
 ensure => directory,
 mode => 0750,
 owner => $user,
 group => $group,
+ seltype => "var_lib_t",
 require => File["/srv/puppet"],
 }
 }
@@ -291,6 +308,7 @@ class puppet::server::common inherits puppet::client {
 mode => 0750,
 owner => $user,
 group => $group,
+ seltype => "var_lib_t",
 require => File["/srv/puppet"],
 }
 file { [ "/srv/puppet/files",
@@ -302,6 +320,7 @@ class puppet::server::common inherits puppet::client {
 "openbsd" => "wheel",
 default => "root",
 },
+ seltype => "var_lib_t",
 require => File["/srv/puppet"],
 }
 file { "/srv/puppet/files/common":
@@ -312,6 +331,7 @@ class puppet::server::common inherits puppet::client {
 "openbsd" => "wheel",
 default => "root",
 },
+ seltype => "var_lib_t",
 require => File["/srv/puppet/files"],
 }
 file { "/srv/puppet/files/private":
@@ -319,6 +339,7 @@ class puppet::server::common inherits puppet::client {
 mode => 0750,
 owner => root,
 group => $group,
+ seltype => "var_lib_t",
 require => File["/srv/puppet/files"],
 }
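Review bot: `seltype => "var_lib_t"` puts the master's whole tree under the generic /var/lib type, and the same line is added in every hunk of this commit, including `/srv/puppet/files/private` (mode 0750) in the last one. Under type enforcement any domain the policy allows to read `var_lib_t` may then read those files, so the label adds little isolation beyond the DAC modes. If the policy on the target hosts defines a puppet-specific type (refpolicy's puppet module has `puppet_var_lib_t`), using it here and in the `selinux::manage_fcontext` rules would be tighter. Otherwise a comment such as `# generic type: no puppet-specific type in the loaded policy` would record that the choice is deliberate. The resource this first added line belongs to starts above the hunk.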
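Review bot: The inner `if $puppet_datadir` guard in the new SELinux block has to agree with the condition that declares `File["${puppet_datadir}"]` in the first hunk, otherwise `before => File[$puppet_datadir]` names a resource that is not in the catalog and compilation fails. That outer condition lies outside the visible hunks, so it is worth checking. The title `"${puppet_datadir}(/.*)?"` is used as a file-context regex, so a datadir containing `.` or other metacharacters would match more paths than the directory itself. Whether existing content under `/srv/puppet` is relabelled depends on `selinux::manage_fcontext`, which is not shown. A short comment such as `# fcontext rules keep a later restorecon from reverting the seltype set on the File resources` would record why both mechanisms are present, if that is the intent.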