kerberos: SELinux context fixes for kerberos::server.

2013-08-09 16:07:03 +03:00 · 2013-08-09 16:07:03 +03:00 · bbd2ed5d0e
commit bbd2ed5d0e
parent 4f173e3a1a
1 changed files with 23 additions and 8 deletions
--- a/kerberos/manifests/init.pp
+++ b/kerberos/manifests/init.pp
@ -124,24 +124,39 @@ class kerberos::server {

    if $kerberos_datadir {
        file { $kerberos_datadir:
-            ensure => directory,
-            mode   => "0600",
-            owner  => "root",
-            group  => "root",
+            ensure  => directory,
+            mode    => "0600",
+            owner   => "root",
+            group   => "root",
+            seltype => "krb5_conf_t",
        }
        file { "/srv/kerberos":
            ensure  => link,
            target  => $kerberos_datadir,
            owner   => "root",
            group   => "root",
+            seltype => "usr_t",
            require => File[$kerberos_datadir],
        }
+        selinux::manage_fcontext { "${kerberos_datadir}(/.*)?":
+            type   => "krb5_conf_t",
+            before => File[$kerberos_datadir],
+        }
+        selinux::manage_fcontext { "/srv/kerberos":
+            type   => "usr_t",
+            before => File["/srv/kerberos"],
+        }
    } else {
        file { "/srv/kerberos":
-            ensure => directory,
-            mode   => "0600",
-            owner  => "root",
-            group  => "root",
+            ensure  => directory,
+            mode    => "0600",
+            owner   => "root",
+            group   => "root",
+            seltype => "krb5_conf_t",
+        }
+        selinux::manage_fcontext { "/srv/kerberos(/.*)?":
+            type   => "krb5_conf_t",
+            before => File["/srv/kerberos"],
        }
    }