tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added option to disable recursion on selinux::manage_fcontext.

Browse source
This commit is contained in:
Timo Mkinen 2010-10-07 22:52:31 +03:00
parent 235fc9e45e
commit 57dd46b169
1 changed files with 17 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
selinux/manifests/init.pp
View file

@ -98,6 +98,8 @@ define selinux::boolean($value) {
# Regexp of path to configure # Regexp of path to configure
# $type: # $type:
# SELinux type for file # SELinux type for file
# $recurse:
# Recursively run restorecon on given path. Defaults to true.
# #
# === Sample usage # === Sample usage
# #
@ -105,11 +107,24 @@ define selinux::boolean($value) {
# type => "httpd_sys_content_t", # type => "httpd_sys_content_t",
# } # }
# #
define selinux::manage_fcontext($type) { define selinux::manage_fcontext($type, $recurse = true) {
exec { "semanage fcontext -a -t '${type}' '${name}' && restorecon -iR `echo '${name}' | sed -e 's/(.*$//'`": exec { "semanage fcontext -a -t '${type}' '${name}'":
path => "/bin:/usr/bin:/sbin:/usr/sbin", path => "/bin:/usr/bin:/sbin:/usr/sbin",
unless => "matchpathcon `echo '${name}' | sed -e 's/(.*$//'` | egrep -q ':${type}(:s[0-9]*)?$'", unless => "matchpathcon `echo '${name}' | sed -e 's/(.*$//'` | egrep -q ':${type}(:s[0-9]*)?$'",
notify => Exec["restorecon ${name}"],
}
if $recurse {
$restorecon_opts = "-R"
} else {
$restorecon_opts = ""
}
exec { "restorecon ${name}":
command => "restorecon -i ${restorecon_opts} `echo '${name}' | sed -e 's/(.*$//'`",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
} }
} }