SELinux fixes for apache module.

2012-08-01 12:18:12 +03:00 · 2012-08-01 12:18:12 +03:00 · 500c026131
commit 500c026131
parent f6ed541068
1 changed files with 10 additions and 14 deletions
--- a/apache/manifests/init.pp
+++ b/apache/manifests/init.pp
@ -28,7 +28,10 @@ class apache::common {
            group   => "root",
            seltype => "httpd_sys_content_t",
        }
-
+        selinux::manage_fcontext { "${apache_datadir}(/.*)?":
+            type   => "httpd_sys_content_t",
+            before => File[$apache_datadir],
+        }
        file { "/srv/www":
            ensure  => link,
            target  => $apache_datadir,
@ -51,15 +54,6 @@ class apache::common {
        require => File["/srv/www"],
    }

-    if "${selinux}" == "true" {
-        if $apache_datadir {
-            selinux::manage_fcontext { "${apache_datadir}(/.*)?":
-                type   => "httpd_sys_content_t",
-                before => File[$apache_datadir],
-            }
-        }
-    }
-
    package { "httpd":
        name   => $operatingsystem ? {
            debian  => "apache2",
@ -73,12 +67,14 @@ class apache::common {
        ensure  => present,
        source  => "puppet:///modules/apache/www-logrotate.sh",
        mode    => "0755",
-        owner   => root,
-        group   => root,
-        seluser => "system_u",
-        selrole => "object_r",
+        owner   => "root",
+        group   => "root",
        seltype => "httpd_rotatelogs_exec_t",
    }
+    selinux::manage_fcontext { "/usr/local/sbin/www-logrotate.sh":
+        type   => "httpd_rotatelogs_exec_t",
+        before => File["/usr/local/sbin/www-logrotate.sh"],
+    }

    cron { "www-logrotate":
        ensure  => present,