From 3279af12084aa69b63aab8408955fd414cd39c75 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20M=E4kinen?=
Date: Sun, 1 Jul 2012 21:23:13 +0300
Subject: [PATCH] SELinux context fixes for puppetmaster on CentOS 6.

---
 puppet/manifests/init.pp | 52 ++++++++++++++++++++++++----------------
 1 file changed, 32 insertions(+), 20 deletions(-)

diff --git a/puppet/manifests/init.pp b/puppet/manifests/init.pp
index b7f74f7..8839e58 100644
--- a/puppet/manifests/init.pp
+++ b/puppet/manifests/init.pp
@@ -193,6 +193,12 @@ class puppet::server {
 
 #
 class puppet::server::common inherits puppet::client {
+ if $::operatingsystem == "CentOS" and $::operatingsystemrelease =~ /^[1-5]\..*/ {
+ $seltype = "var_lib_t"
+ } else {
+ $seltype = "puppet_var_lib_t"
+ }
+
 case $operatingsystem {
 "openbsd": {
 $user = "_puppet"
@@ -283,13 +289,17 @@ class puppet::server::common inherits puppet::client {
 "openbsd" => "wheel",
 default => "root",
 },
- seltype => "var_lib_t",
+ seltype => $seltype,
 require => Package["puppetmaster"],
 }
+ selinux::manage_fcontext { "${puppet_datadir}(/.*)?":
+ type => $seltype,
+ before => File[$puppet_datadir],
+ }
 file { "/srv/puppet":
 ensure => link,
 target => $puppet_datadir,
- seltype => "var_lib_t",
+ seltype => $seltype,
 require => File[$puppet_datadir],
 }
 } else {
@@ -301,22 +311,13 @@ class puppet::server::common inherits puppet::client {
 "openbsd" => "wheel",
 default => "root",
 },
- seltype => "var_lib_t",
+ seltype => $seltype,
 require => Package["puppetmaster"],
 }
 }
-
- if "${selinux}" == "true" {
- selinux::manage_fcontext { "/srv/puppet(/.*)?":
- type => "var_lib_t",
- before => File["/srv/puppet"]
- }
- if $puppet_datadir {
- selinux::manage_fcontext { "${puppet_datadir}(/.*)?":
- type => "var_lib_t",
- before => File[$puppet_datadir],
- }
- }
+ selinux::manage_fcontext { "/srv/puppet(/.*)?":
+ type => $seltype,
+ before => File[$puppet_datadir],
 }
 
 if $puppet_storeconfigs != "none" {
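Review bot: The new release test at the top of puppet::server::common, `$::operatingsystem == "CentOS" and $::operatingsystemrelease =~ /^[1-5]\..*/`, selects the generic type only for CentOS, so a RHEL or other EL-derived host on the same pre-6 policy would still be handed `puppet_var_lib_t`; I cannot tell from this hunk which platforms the module targets, but if it is more than CentOS the check should cover the EL family (e.g. via `$::osfamily` plus the release test) rather than one distribution name. The identical expression is repeated in puppet::server::mongrel (the @@ -500 hunk) with a different resulting value, so the predicate is worth computing once, e.g. `$legacy_selinux_policy = ...`, and deriving both `$seltype` values from it. A short comment above the `if` saying why the two branches exist would help the next reader, presumably `# CentOS < 6 policy has no puppet_* types; fall back to the generic ones`, which is my inference and should be confirmed.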
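Review bot: The `selinux::manage_fcontext { "/srv/puppet(/.*)?": ... }` added at the end of the @@ -301 hunk orders itself `before => File[$puppet_datadir]`, but it sits after the `if $puppet_datadir ... else` block, and on the `else` path no File[$puppet_datadir] resource exists, so the relationship should fail as a missing dependency there; the removed code pointed at `File["/srv/puppet"]`, which both branches declare, so `before => File["/srv/puppet"],` is the reference to keep (the datadir pattern already has its own fcontext with the correct `before` in the @@ -283 hunk). Dropping the `if "${selinux}" == "true"` guard also makes the fcontext unconditional, including for the openbsd case handled above; whether selinux::manage_fcontext is a no-op on hosts without SELinux is decided in that define, outside this hunk, and is worth confirming. The body of puppet::server::common continues outside the hunk.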
@@ -325,7 +326,7 @@ class puppet::server::common inherits puppet::client {
 mode => "0750",
 owner => $user,
 group => $group,
- seltype => "var_lib_t",
+ seltype => $seltype,
 require => File["/srv/puppet"],
 }
 }
@@ -336,7 +337,7 @@ class puppet::server::common inherits puppet::client {
 mode => "0750",
 owner => $user,
 group => $group,
- seltype => "var_lib_t",
+ seltype => $seltype,
 require => File["/srv/puppet"],
 }
 file { [ "/srv/puppet/files",
@@ -348,7 +349,7 @@ class puppet::server::common inherits puppet::client {
 "openbsd" => "wheel",
 default => "root",
 },
- seltype => "var_lib_t",
+ seltype => $seltype,
 require => File["/srv/puppet"],
 }
 file { "/srv/puppet/files/common":
@@ -359,7 +360,7 @@ class puppet::server::common inherits puppet::client {
 "openbsd" => "wheel",
 default => "root",
 },
- seltype => "var_lib_t",
+ seltype => $seltype,
 require => File["/srv/puppet/files"],
 }
 file { "/srv/puppet/files/private":
@@ -367,7 +368,7 @@ class puppet::server::common inherits puppet::client {
 mode => "0750",
 owner => "root",
 group => $group,
- seltype => "var_lib_t",
+ seltype => $seltype,
 require => File["/srv/puppet/files"],
 }
 
@@ -500,6 +501,17 @@ class puppet::server::mongrel {
 $puppet_listenports = [ "18140", "18141", "18142", "18143", ]
 }
+ if $::operatingsystem == "CentOS" and $::operatingsystemrelease =~ /^[1-5]\..*/ {
+ $seltype = "http_port_t"
+ } else {
+ $seltype = "puppet_port_t"
+ }
+ selinux::manage_port { $puppet_listenports:
+ type => $seltype,
+ proto => "tcp",
+ before => Service["puppetmaster"],
+ }
+
 include ldap::client::ruby
 include ::mongrel
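Review bot: `selinux::manage_port { $puppet_listenports: ... }` in the @@ -500 hunk is declared with no SELinux guard, whereas the fcontext declarations this commit removed were wrapped in `if "${selinux}" == "true"`; unless the define skips hosts without SELinux itself, it will now be evaluated on every platform this manifest handles, including the openbsd case in puppet::server::common. The release test here repeats the one from the @@ -193 hunk with a different outcome (`http_port_t` vs `puppet_port_t`), so a single shared predicate would keep the two from drifting when a new release needs a different mapping. Reusing the name `$seltype` for a port type, when the same manifest assigns `$seltype` to a file type in puppet::server::common, invites confusion; `$selport_type = "puppet_port_t"` or similar reads better. The Service["puppetmaster"] named in `before` and the rest of puppet::server::mongrel are outside this hunk.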