From 87e8d757ade39a73a464505c32b0fbdaa9f4fa7a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20M=E4kinen?=
Date: Fri, 20 Apr 2012 12:52:20 +0300
Subject: [PATCH] Fixed SELinux file contexts from ldap::server.
---
 ldap/manifests/init.pp | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/ldap/manifests/init.pp b/ldap/manifests/init.pp
index 93f10a3..79492c2 100644
--- a/ldap/manifests/init.pp
+++ b/ldap/manifests/init.pp
@@ -447,11 +447,13 @@ class ldap::server {
 mode => "0700",
 owner => $user,
 group => $group,
+ seltype => "slapd_db_t",
 require => Package["openldap-server"],
 }
 file { "/srv/ldap":
 ensure => link,
 target => $ldap_datadir,
+ seltype => "slapd_db_t",
 require => File[$ldap_datadir],
 }
 } else {
@@ -460,10 +462,24 @@ class ldap::server {
 mode => "0700",
 owner => $user,
 group => $group,
+ seltype => "slapd_db_t",
 require => Package["openldap-server"],
 }
 }
 
+ if "${selinux}" == "true" {
+ selinux::manage_fcontext { "/srv/ldap(/.*)?":
+ type => "slapd_db_t",
+ before => File["/srv/ldap"],
+ }
+ if $ldap_datadir {
+ selinux::manage_fcontext { "${ldap_datadir}(/.*)?":
+ type => "slapd_db_t",
+ before => File[$ldap_datadir],
+ }
+ }
+ }
+
 file { "${config}/schema":
 ensure => directory,
 source => "puppet:///modules/custom/empty",
@@ -579,6 +595,7 @@ define ldap::server::database($aclsource = "", $master = "", $syncpw = "") {
 mode => "0700",
 owner => $ldap::server::user,
 group => $ldap::server::group,
+ seltype => "slapd_db_t",
 require => File["/srv/ldap"],
 }
 
@@ -593,6 +610,7 @@ define ldap::server::database($aclsource = "", $master = "", $syncpw = "") {
 "openbsd" => "wheel",
 default => "root",
 },
+ seltype => "slapd_db_t",
 require => File["/srv/ldap/${name}"],
 before => Service["slapd"],
 }
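Review bot: The type name is written out as the literal `"slapd_db_t"` on both added lines of the first hunk (@@ -447) and again in each of the other three hunks, seven times in total across file resources and fcontext rules. If one copy is later changed and the others are not, Puppet's `seltype` and the policy's fcontext rule disagree, and a restorecon run then undoes the label Puppet applied. A single class variable, for example `$seltype = "slapd_db_t"` in ldap::server, used as `seltype => $seltype` here and as `$ldap::server::seltype` in the define, would keep them together. The first file resource in this hunk starts above the visible lines, so its title and remaining attributes are not shown.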
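Review bot: The two `selinux::manage_fcontext` resources added in the second hunk (@@ -460) are ordered before the directory resources, but nothing visible relabels files that already exist below the data directory. `seltype` on a file resource labels that one path only (no `recurse` is visible in the hunk), so database files created before this change keep their old type unless `selinux::manage_fcontext`, which is defined outside this diff, also runs a recursive restorecon. That is worth confirming and recording in a comment such as `# fcontext rule only; existing files need restorecon -R`. Separately, `"${ldap_datadir}(/.*)?"` places the path into a regular expression as-is, so a trailing slash in `$ldap_datadir` would produce a pattern that no longer matches the directory itself. The class body continues outside the hunk.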
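Review bot: The `seltype` added in the last hunk (@@ -593) sits in a resource whose group selector explicitly handles `"openbsd"`, and unlike the fcontext rules it is not guarded by the `"${selinux}" == "true"` test; the same applies to the `seltype` lines in the other hunks. Puppet is expected to ignore the SELinux file parameters on hosts without SELinux support, which should be confirmed for the Puppet version in use, so this is probably harmless. A reader comparing it with the guarded block will still wonder, and a short comment would settle it, for example `# seltype is ignored where SELinux is unavailable (e.g. OpenBSD)`. The resource starts above the hunk, so its title is not visible.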