tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added define to manage SELinux file contexts.

Browse source
This commit is contained in:
Timo Mkinen 2010-10-06 12:12:32 +03:00
parent 31cb5f5597
commit 80422d9aa7
1 changed files with 26 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
selinux/manifests/init.pp
View file

@ -60,7 +60,7 @@ class selinux {
},
path => "/bin:/usr/bin:/sbin:/usr/sbin",
unless => "getenforce | egrep -i '${selinux_type}'",
require => file["/etc/selinux/config"],
require => File["/etc/selinux/config"],
}
}
@ -90,6 +90,31 @@ define selinux::boolean($value) {
}
# Configure SELinux file contexts
#
# === Parameters
#
# $name:
# Regexp of path to configure
# $type:
# SELinux type for file
#
# === Sample usage
#
# selinux::manage_fcontext { "/srv/www/http(/.*)?":
# type => "httpd_sys_content_t",
# }
#
define selinux::manage_fcontext($type) {
exec { "semanage fcontext -a -t '${type}' '${name}' && restorecon -R `echo '${name}' | sed -e 's/(.*$//'`":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
unless => "matchpathcon `echo '${name}' | sed -e 's/(.*$//'` | egrep -q ':${type}:'",
}
}
# Configure SELinux port authorizations
#
# === Parameters