From c69fb5afb0d901d59af3311e4b9d68dc0a0986dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20M=E4kinen?= <tmakinen@foo.sh>
Date: Tue, 28 Aug 2012 08:50:56 +0300
Subject: [PATCH] Fixed SELinux contexts from Apache log directories.

---
 apache/manifests/init.pp   | 14 ++++++++++++--
 apache/manifests/redhat.pp | 19 ++++++++++++++-----
 2 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/apache/manifests/init.pp b/apache/manifests/init.pp
index 4e7376b..b51d29e 100644
--- a/apache/manifests/init.pp
+++ b/apache/manifests/init.pp
@@ -32,6 +32,11 @@ class apache::common {
             type   => "httpd_sys_content_t",
             before => File[$apache_datadir],
         }
+        selinux::manage_fcontext { "${apache_datadir}/log(/.*)?":
+            type    => "httpd_log_t",
+            before  => File["/srv/www/log"],
+            require => Selinux::Manage_fcontext["${apache_datadir}(/.*)?"],
+        }
         file { "/srv/www":
             ensure  => link,
             target  => $apache_datadir,
@@ -44,13 +49,18 @@ class apache::common {
             owner  => root,
             group  => root,
         }
+        selinux::manage_fcontext { "/srv/www/log(/.*)?":
+            type   => "httpd_log_t",
+            before => File["/srv/www/log"],
+        }
     }
 
     file { "/srv/www/log":
         ensure  => directory,
         mode    => "0755",
-        owner   => root,
-        group   => root,
+        owner   => "root",
+        group   => "root",
+        seltype => "httpd_log_t",
         require => File["/srv/www"],
     }
 
diff --git a/apache/manifests/redhat.pp b/apache/manifests/redhat.pp
index 561f1be..c333903 100644
--- a/apache/manifests/redhat.pp
+++ b/apache/manifests/redhat.pp
@@ -21,6 +21,10 @@ class apache::redhat::server {
         source  => "puppet:///modules/custom/empty",
     }
 
+    File["/srv/www/log/http", "/srv/www/log/http/${homename}"] {
+        seltype => "httpd_log_t",
+    }
+
     file { "/etc/httpd/conf/httpd.conf":
         ensure  => present,
         content => template("apache/httpd.conf.erb"),
@@ -140,6 +144,10 @@ class apache::redhat::sslserver {
         source  => "puppet:///modules/custom/empty",
     }
 
+    File["/srv/www/log/https", "/srv/www/log/https/${homename}"] {
+        seltype => "httpd_log_t",
+    }
+
     file { "/etc/httpd/conf/httpsd.conf":
         ensure  => present,
         mode    => "0644",
@@ -228,11 +236,12 @@ define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
         }
 
         file { "/srv/www/log/https/${site_fqdn}":
-            ensure => directory,
-            mode   => "0755",
-            owner  => root,
-            group  => root,
-            before => Service["httpsd"],
+            ensure  => directory,
+            mode    => "0755",
+            owner   => "root",
+            group   => "root",
+            seltype => "httpd_log_t",
+            before  => Service["httpsd"],
         }
     }