From 347ce1c2c23703c6c0b627a6014ebdf862aad7d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20M=E4kinen?= Date: Fri, 8 Jun 2012 21:21:45 +0300 Subject: [PATCH] Added check if selinux is enabled into selinux::* defines. --- selinux/manifests/init.pp | 124 +++++++++++++++++++++----------------- 1 file changed, 68 insertions(+), 56 deletions(-) diff --git a/selinux/manifests/init.pp b/selinux/manifests/init.pp index 7c43d13..81f5bce 100644 --- a/selinux/manifests/init.pp +++ b/selinux/manifests/init.pp @@ -136,25 +136,29 @@ define selinux::boolean($value) { # define selinux::manage_fcontext($type, $recurse = true) { - include selinux::tools + if "${selinux}" == "true" { - exec { "semanage fcontext -a -t '${type}' '${name}'": - path => "/bin:/usr/bin:/sbin:/usr/sbin", - unless => "matchpathcon `echo '${name}' | sed -e 's/(.*$//'` | egrep -q ':${type}(:s[0-9]*)?$'", - notify => Exec["restorecon ${name}"], - require => Class["selinux::tools"], - } + include selinux::tools - if $recurse { - $restorecon_opts = "-R" - } else { - $restorecon_opts = "" - } + exec { "semanage fcontext -a -t '${type}' '${name}'": + path => "/bin:/usr/bin:/sbin:/usr/sbin", + unless => "matchpathcon `echo '${name}' | sed -e 's/(.*$//'` | egrep -q ':${type}(:s[0-9]*)?$'", + notify => Exec["restorecon ${name}"], + require => Class["selinux::tools"], + } + + if $recurse { + $restorecon_opts = "-R" + } else { + $restorecon_opts = "" + } + + exec { "restorecon ${name}": + command => "restorecon -i ${restorecon_opts} `echo '${name}' | sed -e 's/(.*$//'`", + path => "/bin:/usr/bin:/sbin:/usr/sbin", + refreshonly => true, + } - exec { "restorecon ${name}": - command => "restorecon -i ${restorecon_opts} `echo '${name}' | sed -e 's/(.*$//'`", - path => "/bin:/usr/bin:/sbin:/usr/sbin", - refreshonly => true, } } 
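Review bot: The new guard `if "${selinux}" == "true"` at the top of selinux::manage_fcontext turns the whole define into a silent no-op whenever the fact is anything other than the string "true". A host where SELinux has been switched off, or where the fact is missing, therefore compiles a clean catalog with no file-context rule and nothing to tell the operator. An `else` branch such as `else { warning("selinux::manage_fcontext ${name} skipped: SELinux is not enabled") }` would at least log the skip; whether hosts that are expected to enforce should fail instead is a policy choice the commit message does not state. The fact is also read unqualified, and `"${::selinux}"` would stop a same-named variable in an enclosing scope from changing the outcome. The same guard is added in the selinux::manage_port and selinux::module hunks.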
@@ -180,12 +184,16 @@ define selinux::manage_fcontext($type, $recurse = true) { # define selinux::manage_port($type, $proto) { - include selinux::tools + if "${selinux}" == "true" { + + include selinux::tools + + exec { "semanage port -a -t ${type} -p ${proto} ${name}": + path => "/bin:/usr/bin:/sbin:/usr/sbin", + unless => "semanage port -ln | egrep '^${type}[ ]*${proto}' | egrep ' ${name}(,.*)?\$'", + require => Class["selinux::tools"], + } - exec { "semanage port -a -t ${type} -p ${proto} ${name}": - path => "/bin:/usr/bin:/sbin:/usr/sbin", - unless => "semanage port -ln | egrep '^${type}[ ]*${proto}' | egrep ' ${name}(,.*)?\$'", - require => Class["selinux::tools"], } } 
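Review bot: In selinux::manage_port the re-indented exec still places `${type}`, `${proto}` and `${name}` unquoted into the command string and into an `unless` pipeline that depends on shell parsing, and nothing in the define checks their shape first. Whether these values can come from data the manifest author does not control is not visible in this hunk, but the agent typically runs these commands as root, so a check before the exec is cheap insurance. For example, `if $proto !~ /^(tcp|udp)$/ { fail("Invalid proto '${proto}' for selinux::manage_port") }`, with similar patterns restricting `$name` to a port or port range and `$type` to an SELinux type identifier. selinux::manage_fcontext in the first hunk has the same pattern, with `${name}` and `${type}` inside single quotes and backticks.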
@@ -208,45 +216,49 @@ define selinux::manage_port($type, $proto) { # define selinux::module($source) { - $ext = regsubst($source, '.*\.(te|pp)', '\1') - case $ext { - "te": { - include selinux::module::devel - file { "/usr/local/src/selinux/${name}.te": - ensure => present, - source => $source, - mode => "0644", - owner => "root", - group => "root", - require => File["/usr/local/src/selinux"], - notify => Exec["selinux-module-compile"], + if "${selinux}" == "true" { + + $ext = regsubst($source, '.*\.(te|pp)', '\1') + case $ext { + "te": { + include selinux::module::devel + file { "/usr/local/src/selinux/${name}.te": + ensure => present, + source => $source, + mode => "0644", + owner => "root", + group => "root", + require => File["/usr/local/src/selinux"], + notify => Exec["selinux-module-compile"], + } + $module = "/usr/local/src/selinux/${name}.pp" + } + "pp": { + $module = $source + } + default: { + fail("Invalid source '${source}' for selinux::module") } - $module = "/usr/local/src/selinux/${name}.pp" } - "pp": { - $module = $source - } - default: { - fail("Invalid source '${source}' for selinux::module") - } - } - file { "/usr/share/selinux/targeted/${name}.pp": - ensure => present, - source => $module, - mode => "0644", - owner => "root", - group => "root", - require => $ext ? { - "te" => Exec["selinux-module-compile"], - default => undef, - }, - } + file { "/usr/share/selinux/targeted/${name}.pp": + ensure => present, + source => $module, + mode => "0644", + owner => "root", + group => "root", + require => $ext ? { + "te" => Exec["selinux-module-compile"], + default => undef, + }, + } + + selmodule { $name: + ensure => present, + require => File["/usr/share/selinux/targeted/${name}.pp"], + syncversion => true, + } - selmodule { $name: - ensure => present, - require => File["/usr/share/selinux/targeted/${name}.pp"], - syncversion => true, } }
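Review bot: Wrapping the whole body of selinux::module in the guard also moves the `default: { fail("Invalid source ...") }` branch inside it, so a bad `$source` is now rejected only on hosts where SELinux is enabled and passes silently everywhere else. Validating above the `if "${selinux}" == "true" {` line keeps that error independent of host state, for example `if $source !~ /\.(te|pp)$/ { fail("Invalid source '${source}' for selinux::module") }`. Separately, `${name}` is used unchecked to build `/usr/local/src/selinux/${name}.te` and `/usr/share/selinux/targeted/${name}.pp`, both written with owner root. Rejecting names that contain `/` would keep those files inside the intended directories.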