Added define to manage SELinux file contexts.
parent
31cb5f5597
commit
80422d9aa7
1 changed files with 26 additions and 1 deletions
|
@ -60,7 +60,7 @@ class selinux {
|
||||||
},
|
},
|
||||||
path => "/bin:/usr/bin:/sbin:/usr/sbin",
|
path => "/bin:/usr/bin:/sbin:/usr/sbin",
|
||||||
unless => "getenforce | egrep -i '${selinux_type}'",
|
unless => "getenforce | egrep -i '${selinux_type}'",
|
||||||
require => file["/etc/selinux/config"],
|
require => File["/etc/selinux/config"],
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -90,6 +90,31 @@ define selinux::boolean($value) {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# Configure SELinux file contexts
|
||||||
|
#
|
||||||
|
# === Parameters
|
||||||
|
#
|
||||||
|
# $name:
|
||||||
|
# Regexp of path to configure
|
||||||
|
# $type:
|
||||||
|
# SELinux type for file
|
||||||
|
#
|
||||||
|
# === Sample usage
|
||||||
|
#
|
||||||
|
# selinux::manage_fcontext { "/srv/www/http(/.*)?":
|
||||||
|
# type => "httpd_sys_content_t",
|
||||||
|
# }
|
||||||
|
#
|
||||||
|
define selinux::manage_fcontext($type) {
|
||||||
|
|
||||||
|
exec { "semanage fcontext -a -t '${type}' '${name}' && restorecon -R `echo '${name}' | sed -e 's/(.*$//'`":
|
||||||
|
path => "/bin:/usr/bin:/sbin:/usr/sbin",
|
||||||
|
unless => "matchpathcon `echo '${name}' | sed -e 's/(.*$//'` | egrep -q ':${type}:'",
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
# Configure SELinux port authorizations
|
# Configure SELinux port authorizations
|
||||||
#
|
#
|
||||||
# === Parameters
|
# === Parameters
|
||||||
|
|
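Review bot: In `selinux::manage_fcontext`, `${name}` and `${type}` are interpolated straight into a shell command (single quotes, backticks, `&&`) in both the exec title and the `unless` check, so a value containing a single quote or a backtick changes what the shell runs, presumably with the agent's privileges. The title is a free-form path regexp, so validate both values before the exec, for example `if $type !~ /^[a-z0-9_]+$/ { fail("invalid SELinux type: ${type}") }`, and reject single quotes, backticks and newlines in `$name` the same way. Separately, the `unless` guard asks `matchpathcon` only about the prefix left after `sed` strips everything from the first `(`, so it can be satisfied when that prefix already resolves to the type for another reason and the fcontext rule was never added. Comparing against the output of `semanage fcontext -l` for the full regexp would be closer to the intent. The define is fully inside this hunk.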