From bbd2ed5d0e2e6063015cdc89144f17cdc74fdeca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20M=E4kinen?=
Date: Fri, 9 Aug 2013 16:07:03 +0300
Subject: [PATCH] kerberos: SELinux context fixes for kerberos::server.
---
 kerberos/manifests/init.pp | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)
diff --git a/kerberos/manifests/init.pp b/kerberos/manifests/init.pp
index c629b71..ef4f033 100644
--- a/kerberos/manifests/init.pp
+++ b/kerberos/manifests/init.pp
@@ -124,24 +124,39 @@ class kerberos::server {
 if $kerberos_datadir {
 file { $kerberos_datadir:
- ensure => directory,
- mode => "0600",
- owner => "root",
- group => "root",
+ ensure => directory,
+ mode => "0600",
+ owner => "root",
+ group => "root",
+ seltype => "krb5_conf_t",
 }
 file { "/srv/kerberos":
 ensure => link,
 target => $kerberos_datadir,
 owner => "root",
 group => "root",
+ seltype => "usr_t",
 require => File[$kerberos_datadir],
 }
+ selinux::manage_fcontext { "${kerberos_datadir}(/.*)?":
+ type => "krb5_conf_t",
+ before => File[$kerberos_datadir],
+ }
+ selinux::manage_fcontext { "/srv/kerberos":
+ type => "usr_t",
+ before => File["/srv/kerberos"],
+ }
 } else {
 file { "/srv/kerberos":
- ensure => directory,
- mode => "0600",
- owner => "root",
- group => "root",
+ ensure => directory,
+ mode => "0600",
+ owner => "root",
+ group => "root",
+ seltype => "krb5_conf_t",
+ }
+ selinux::manage_fcontext { "/srv/kerberos(/.*)?":
+ type => "krb5_conf_t",
+ before => File["/srv/kerberos"],
 }
 }
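Review bot: The `krb5_conf_t` type given to `$kerberos_datadir` and, in the else branch, to `/srv/kerberos` is the label the SELinux reference policy uses for the client configuration file `/etc/krb5.conf`, which confined domains that use Kerberos are typically allowed to read; if this directory holds the KDC database or stash file (not visible here), the `0600` root-only DAC bits become the only barrier. The reference policy labels the KDC directory `krb5kdc_conf_t`, so consider `seltype => "krb5kdc_conf_t",` with the matching `type => "krb5kdc_conf_t",` in the two `selinux::manage_fcontext` resources that cover the data directory, after confirming what the target policy grants the KDC and kadmind domains on that type. Separately, `seltype` on the `file` resource relabels only the directory itself, so content already present keeps its old label unless `selinux::manage_fcontext`, defined outside this patch, runs a relabel. The body of `class kerberos::server` starts and ends outside the hunk.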