kerberos: SELinux context fixes for kerberos::server.
This commit is contained in:
parent
4f173e3a1a
commit
bbd2ed5d0e
1 changed files with 23 additions and 8 deletions
|
|
@ -128,20 +128,35 @@ class kerberos::server {
|
||||||
mode => "0600",
|
mode => "0600",
|
||||||
owner => "root",
|
owner => "root",
|
||||||
group => "root",
|
group => "root",
|
||||||
|
seltype => "krb5_conf_t",
|
||||||
}
|
}
|
||||||
file { "/srv/kerberos":
|
file { "/srv/kerberos":
|
||||||
ensure => link,
|
ensure => link,
|
||||||
target => $kerberos_datadir,
|
target => $kerberos_datadir,
|
||||||
owner => "root",
|
owner => "root",
|
||||||
group => "root",
|
group => "root",
|
||||||
|
seltype => "usr_t",
|
||||||
require => File[$kerberos_datadir],
|
require => File[$kerberos_datadir],
|
||||||
}
|
}
|
||||||
|
selinux::manage_fcontext { "${kerberos_datadir}(/.*)?":
|
||||||
|
type => "krb5_conf_t",
|
||||||
|
before => File[$kerberos_datadir],
|
||||||
|
}
|
||||||
|
selinux::manage_fcontext { "/srv/kerberos":
|
||||||
|
type => "usr_t",
|
||||||
|
before => File["/srv/kerberos"],
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
file { "/srv/kerberos":
|
file { "/srv/kerberos":
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
mode => "0600",
|
mode => "0600",
|
||||||
owner => "root",
|
owner => "root",
|
||||||
group => "root",
|
group => "root",
|
||||||
|
seltype => "krb5_conf_t",
|
||||||
|
}
|
||||||
|
selinux::manage_fcontext { "/srv/kerberos(/.*)?":
|
||||||
|
type => "krb5_conf_t",
|
||||||
|
before => File["/srv/kerberos"],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue