From 57dd46b169b86ddc792c09c22f143e5a566e1559 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20M=E4kinen?=
Date: Thu, 7 Oct 2010 22:52:31 +0300
Subject: [PATCH] Added option to disable recursion on selinux::manage_fcontext.
---
 selinux/manifests/init.pp | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/selinux/manifests/init.pp b/selinux/manifests/init.pp
index 921fcc2..f066819 100644
--- a/selinux/manifests/init.pp
+++ b/selinux/manifests/init.pp
@@ -98,6 +98,8 @@ define selinux::boolean($value) {
 # Regexp of path to configure
 # $type:
 # SELinux type for file
+# $recurse:
+# Recursively run restorecon on given path. Defaults to true.
 #
 # === Sample usage
 #
@@ -105,11 +107,24 @@ define selinux::boolean($value) {
 # type => "httpd_sys_content_t",
 # }
 #
-define selinux::manage_fcontext($type) {
+define selinux::manage_fcontext($type, $recurse = true) {
- exec { "semanage fcontext -a -t '${type}' '${name}' && restorecon -iR `echo '${name}' | sed -e 's/(.*$//'`":
+ exec { "semanage fcontext -a -t '${type}' '${name}'":
 path => "/bin:/usr/bin:/sbin:/usr/sbin",
 unless => "matchpathcon `echo '${name}' | sed -e 's/(.*$//'` | egrep -q ':${type}(:s[0-9]*)?$'",
+ notify => Exec["restorecon ${name}"],
+ }
+
+ if $recurse {
+ $restorecon_opts = "-R"
+ } else {
+ $restorecon_opts = ""
+ }
+
+ exec { "restorecon ${name}":
+ command => "restorecon -i ${restorecon_opts} `echo '${name}' | sed -e 's/(.*$//'`",
+ path => "/bin:/usr/bin:/sbin:/usr/sbin",
+ refreshonly => true,
 }
 }
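Review bot: The new `restorecon ${name}` exec still splices the resource title into a shell command (typically run as root by the agent) as `'${name}'` inside backticks, so a title containing a single quote or backtick changes what the shell executes, and because the backtick result is unquoted a path with whitespace reaches restorecon as several arguments. Since this commit already reworks both execs, the top of the define is the natural place to validate the inputs, for example `if $type !~ /\A\w+\z/ { fail("selinux::manage_fcontext: invalid type '${type}'") }` plus an equivalent check that rejects quote and backtick characters in `$name`. Separately, `if $recurse` treats the quoted string "false" as true in Puppet, so the `$recurse` comment should state that only the bare boolean `false` disables recursion.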