Moved setroubleshoot from selinux base class to selinux::setroubleshoot.
This commit is contained in:
parent
5070a0d6f3
commit
c8a2ff7436
1 changed files with 28 additions and 17 deletions
|
|
@ -23,7 +23,7 @@ class selinux {
|
|||
default: { fail("Invalid SELinux mode ${selinux_type}") }
|
||||
}
|
||||
|
||||
package { [ "selinux-policy-targeted", "setroubleshoot" ]:
|
||||
package { "selinux-policy":
|
||||
ensure => installed,
|
||||
}
|
||||
|
||||
|
|
@ -37,21 +37,6 @@ class selinux {
|
|||
notify => Exec["set-selinux-mode"],
|
||||
}
|
||||
|
||||
if $::operatingsystem in ["CentOS","RedHat"] and $::operatingsystemrelease =~ /^[1-5]\./ {
|
||||
service { "setroubleshoot":
|
||||
ensure => $selinux_type ? {
|
||||
disabled => stopped,
|
||||
default => running,
|
||||
},
|
||||
enable => $selinux_type ? {
|
||||
disabled => false,
|
||||
default => true,
|
||||
},
|
||||
hasstatus => true,
|
||||
require => Package["setroubleshoot"],
|
||||
}
|
||||
}
|
||||
|
||||
exec { "set-selinux-mode":
|
||||
command => $selinux_type ? {
|
||||
"enforcing" => "setenforce 1",
|
||||
|
|
@ -63,7 +48,33 @@ class selinux {
|
|||
require => File["/etc/selinux/config"],
|
||||
}
|
||||
|
||||
include selinux::tools
|
||||
if $selinux_type != "disabled" {
|
||||
include selinux::tools
|
||||
package { "selinux-policy-targeted":
|
||||
ensure => installed,
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
# Install setroubleshoot
|
||||
#
|
||||
class selinux::setroubleshoot {
|
||||
|
||||
if $::selinux == "true" {
|
||||
package { "setroubleshoot":
|
||||
ensure => installed,
|
||||
}
|
||||
if $::operatingsystem in ["CentOS","RedHat"] and $::operatingsystemrelease =~ /^[1-5]\./ {
|
||||
service { "setroubleshoot":
|
||||
ensure => running,
|
||||
enable => true,
|
||||
hasstatus => true,
|
||||
require => Package["setroubleshoot"],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue