selinux: Added parameter client_users for selinux::setroubleshoot

2013-06-17 23:15:18 +03:00 · 2013-06-17 23:15:18 +03:00 · 300de9e57b
commit 300de9e57b
parent c19bffd3ec
1 changed files with 15 additions and 1 deletions
--- a/selinux/manifests/init.pp
+++ b/selinux/manifests/init.pp
@ -62,16 +62,21 @@ class selinux {
 #
 # === Parameters
 #
+#   $client_users:
+#       Array of users allowed to access the setroubleshoot server.
+#       Defaults to ["*"].
+#
 #   $mailto:
 #       Array of email addresses where to send SELinux alerts.
 #       Disabled by default.
 #
-class selinux::setroubleshoot($mailto=undef) {
+class selinux::setroubleshoot($client_users=["*"], $mailto=undef) {

    if $::selinux == "true" {
        package { "setroubleshoot":
            ensure => installed,
        }
+
        if $::operatingsystem in ["CentOS","RedHat"] and $::operatingsystemrelease =~ /^[1-5]\./ {
            service { "setroubleshoot":
                ensure    => running,
@ -80,6 +85,15 @@ class selinux::setroubleshoot($mailto=undef) {
                require   => Package["setroubleshoot"],
            }
        }
+
+        $client_users_real = inline_template("<%= @client_users.join(',') %>")
+        augeas { "set-setroubleshoot-client_users":
+            changes => "set access/client_users '${client_users_real}'",
+            incl    => "/etc/setroubleshoot/setroubleshoot.conf",
+            lens    => "Puppet.lns",
+            require => Package["setroubleshoot"],
+        }
+
        if $mailto {
            if !$mail_server {
                $mail_server = "127.0.0.1"