selinux: Added email support to setroubleshoot

selinux/manifests/init.pp

@@ -60,7 +60,13 @@ class selinux {
 
 # Install setroubleshoot
 #
-class selinux::setroubleshoot {
+# === Parameters
+#
+#   $mailto:
+#       Array of email addresses where to send SELinux alerts.
+#       Disabled by default.
+#
+class selinux::setroubleshoot($mailto=undef) {
 
     if $::selinux == "true" {
         package { "setroubleshoot":
@@ -74,6 +80,25 @@ class selinux::setroubleshoot {
                 require   => Package["setroubleshoot"],
             }
         }
+        if $mailto {
+            if !$mail_server {
+                $mail_server = "127.0.0.1"
+            }
+            augeas { "set-setroubleshoot-smtp_host":
+                changes => "set email/smtp_host '${mail_server}'",
+                incl    => "/etc/setroubleshoot/setroubleshoot.conf",
+                lens    => "Puppet.lns",
+                require => Package["setroubleshoot"],
+            }
+            file { "/var/lib/setroubleshoot/email_alert_recipients":
+                ensure  => present,
+                mode    => "0600",
+                owner   => "root",
+                group   => "root",
+                content => template("selinux/email_alert_recipients.erb"),
+                require => Augeas["set-setroubleshoot-smtp_host"],
+            }
+        }
     }
 
 }

selinux/templates/email_alert_recipients.erb

@@ -0,0 +1,3 @@
+<% @mailto.each do |email| -%>
+<%= email %> filter_type=after_first
+<% end -%>