From 838f6df62aa1b7bdda348f551a85b08820ea696d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20M=E4kinen?=
Date: Fri, 2 Jul 2010 12:23:10 +0300
Subject: [PATCH] Initial version of selinux module.
---
selinux/manifests/init.pp | 52 +++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 selinux/manifests/init.pp
diff --git a/selinux/manifests/init.pp b/selinux/manifests/init.pp
new file mode 100644
index 0000000..b6b2f29
--- /dev/null
+++ b/selinux/manifests/init.pp
@@ -0,0 +1,52 @@
+
+# Set SELinux boolean value
+#
+# === Parameters
+#
+# $name:
+# SELinux key to set
+# $value:
+# Value for given key (on or off)
+#
+# === Sample usage
+#
+# selinux::boolean { "use_nfs_home_dirs":
+# value => "on",
+# }
+#
+define selinux::boolean($value) {
+
+ selboolean { $name:
+ value => $value,
+ persistent => true,
+ }
+
+}
+
+
+# Configure SELinux port authorizations
+#
+# === Parameters
+#
+# $name:
+# Port range to configure
+# $type:
+# SELinux type for port range
+# $proto:
+# Protocol for port (tcp or udp)
+#
+# === Sample usage
+#
+# selinux::manage_port { "18140-18143":
+# type => "http_port_t",
+# proto => "tcp",
+# }
+#
+define selinux::manage_port($type, $proto) {
+
+ exec { "semanage port -a -t ${type} -p ${proto} ${name}":
+ path => "/bin:/usr/bin:/sbin:/usr/sbin",
+ unless => "semanage port -ln | egrep '^${type}[ ]*${proto}' | egrep ' ${name}(,.*)?\$'",
+ }
+
+}
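Review bot: In `selinux::manage_port`, `${type}`, `${proto}` and `${name}` are interpolated unchecked into the `semanage` command string and into the `egrep` patterns of the `unless` pipeline. A value carrying shell or regex metacharacters (for example one sourced from a fact or external data) can therefore change what is executed as root, or make the idempotence check match the wrong line. The header comment already documents `proto` as tcp or udp and `name` as a port range, so the define can enforce that before the exec with `if $proto !~ /\A(tcp|udp)\z/ { fail("invalid proto: ${proto}") }` and `if $name !~ /\A[0-9]+(-[0-9]+)?\z/ { fail("invalid port range: ${name}") }`, plus a similar `\A[a-z0-9_]+\z` check on `$type`. Use `\A`/`\z` rather than `^`/`$`, since the latter anchor per line and would accept a value with an embedded newline. The `unless` string relies on a shell for its pipes; whether this exec actually runs through one depends on the Puppet version and provider, which is worth confirming.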