tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added support for compiling and installing custom SELinux modules.

Browse source
This commit is contained in:
Timo Mkinen 2012-04-27 14:59:28 +03:00
parent 1a5ff54588
commit ca9aa3c997
1 changed files with 85 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

85
selinux/manifests/init.pp
View file

@ -189,3 +189,88 @@ define selinux::manage_port($type, $proto) {
}
}
# Install new SELinux module
#
# === Parameters
#
# $name:
# Module name
# $source:
# Module source (.te) or compiled file (.pp).
#
# === Sample usage
#
# selinux::module { "munin-local":
# source => "puppet:///files/common/selinux/munin-local.te",
# }
#
define selinux::module($source) {
$ext = regsubst($source, '.*\.(te|pp)', '\1')
case $ext {
"te": {
include selinux::module::devel
file { "/usr/local/src/selinux/${name}.te":
ensure => present,
source => $source,
mode => "0644",
owner => "root",
group => "root",
require => File["/usr/local/src/selinux"],
notify => Exec["selinux-module-compile"],
}
$module = "/usr/local/src/selinux/${name}.pp"
}
"pp": {
$module = $source
}
default: {
fail("Invalid source '${source}' for selinux::module")
}
}
file { "/usr/share/selinux/targeted/${name}.pp":
ensure => present,
source => $module,
mode => "0644",
owner => "root",
group => "root",
require => $ext ? {
"te" => Exec["selinux-module-compile"],
default => undef,
},
}
selmodule { $name:
ensure => present,
require => File["/usr/share/selinux/targeted/${name}.pp"],
}
}
# Prequisites for compiling SELinux modules
#
class selinux::module::devel {
include selinux::tools
file { "/usr/local/src/selinux":
ensure => directory,
mode => "0755",
owner => "root",
group => "root",
}
exec { "selinux-module-compile":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "make -f /usr/share/selinux/devel/Makefile",
cwd => "/usr/local/src/selinux",
user => "root",
refreshonly => true,
require => Class["selinux::tools"],
}
}