Fixed SELinux contexts from Apache log directories.

2012-08-28 08:50:56 +03:00 · 2012-08-28 08:50:56 +03:00 · c69fb5afb0
commit c69fb5afb0
parent 458854708c
2 changed files with 26 additions and 7 deletions
--- a/apache/manifests/init.pp
+++ b/apache/manifests/init.pp
@ -32,6 +32,11 @@ class apache::common {
            type   => "httpd_sys_content_t",
            before => File[$apache_datadir],
        }
+        selinux::manage_fcontext { "${apache_datadir}/log(/.*)?":
+            type    => "httpd_log_t",
+            before  => File["/srv/www/log"],
+            require => Selinux::Manage_fcontext["${apache_datadir}(/.*)?"],
+        }
        file { "/srv/www":
            ensure  => link,
            target  => $apache_datadir,
@ -44,13 +49,18 @@ class apache::common {
            owner  => root,
            group  => root,
        }
+        selinux::manage_fcontext { "/srv/www/log(/.*)?":
+            type   => "httpd_log_t",
+            before => File["/srv/www/log"],
+        }
    }

    file { "/srv/www/log":
        ensure  => directory,
        mode    => "0755",
-        owner   => root,
-        group   => root,
+        owner   => "root",
+        group   => "root",
+        seltype => "httpd_log_t",
        require => File["/srv/www"],
    }

--- a/apache/manifests/redhat.pp
+++ b/apache/manifests/redhat.pp
@ -21,6 +21,10 @@ class apache::redhat::server {
        source  => "puppet:///modules/custom/empty",
    }

+    File["/srv/www/log/http", "/srv/www/log/http/${homename}"] {
+        seltype => "httpd_log_t",
+    }
+
    file { "/etc/httpd/conf/httpd.conf":
        ensure  => present,
        content => template("apache/httpd.conf.erb"),
@ -140,6 +144,10 @@ class apache::redhat::sslserver {
        source  => "puppet:///modules/custom/empty",
    }

+    File["/srv/www/log/https", "/srv/www/log/https/${homename}"] {
+        seltype => "httpd_log_t",
+    }
+
    file { "/etc/httpd/conf/httpsd.conf":
        ensure  => present,
        mode    => "0644",
@ -228,11 +236,12 @@ define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
        }

        file { "/srv/www/log/https/${site_fqdn}":
-            ensure => directory,
-            mode   => "0755",
-            owner  => root,
-            group  => root,
-            before => Service["httpsd"],
+            ensure  => directory,
+            mode    => "0755",
+            owner   => "root",
+            group   => "root",
+            seltype => "httpd_log_t",
+            before  => Service["httpsd"],
        }
    }