diff --git a/puppet/manifests/init.pp b/puppet/manifests/init.pp
index bcd3c49..237b2ac 100644
--- a/puppet/manifests/init.pp
+++ b/puppet/manifests/init.pp
@@ -195,11 +195,9 @@ class puppet::server {
 class puppet::server::common inherits puppet::client {
 if $::operatingsystem in ["CentOS","RedHat"] and $::operatingsystemrelease =~ /^[1-5]\..*/ {
- $seltype_readonly = "var_lib_t"
- $seltype_writable = "var_lib_t"
+ $seltype = "var_lib_t"
 } else {
- $seltype_readonly = "puppetmaster_t"
- $seltype_writable = "puppet_var_lib_t"
+ $seltype = "puppet_var_lib_t"
 }
 case $::operatingsystem {
@@ -276,7 +274,7 @@ class puppet::server::common inherits puppet::client {
 mode => "0750",
 owner => $user,
 group => $group,
- seltype => $seltype_readonly,
+ seltype => $seltype,
 require => File["/srv/puppet"],
 }
 }
@@ -305,27 +303,23 @@ class puppet::server::common inherits puppet::client {
 "openbsd" => "wheel",
 default => "root",
 },
- seltype => $seltype_readonly,
+ seltype => $seltype,
 require => Package["puppetmaster"],
 }
 selinux::manage_fcontext { "${puppet_datadir}(/.*)?":
- type => $seltype_readonly,
+ type => $seltype,
 before => File[$puppet_datadir],
 }
- selinux::manage_fcontext { [
- "${puppet_datadir}/bucket(/.*)?",
- "${puppet_datadir}/reports(/.*)?",
- "${puppet_datadir}/rrd(/.*)?",
- ]:
- type => $seltype_writable,
- before => File["/srv/puppet/reports"],
- }
 file { "/srv/puppet":
 ensure => link,
 target => $puppet_datadir,
- seltype => $seltype_readonly,
+ seltype => "usr_t",
 require => File[$puppet_datadir],
 }
+ selinux::manage_fcontext { "/srv/puppet(/.*)?":
+ type => "usr_t",
+ before => File["/srv/puppet"],
+ }
 } else {
 file { "/srv/puppet":
 ensure => directory,
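Review bot: Folding `$seltype_readonly` and `$seltype_writable` into one `$seltype` removes the only MAC-level distinction between what the master reads (manifests, `files/common`, `files/private`) and what it writes (`bucket`, `reports`, `rrd`); from this hunk on every directory in the class carries `puppet_var_lib_t`. If the puppetmaster domain is allowed to manage that type — presumably why the writable directories already used it — a compromised master process can now also rewrite the manifests and file sources it serves, and only DAC (`0750`, the root-owned `files/private`) still separates the two. The trade may well be deliberate, since labelling files with what looks like the process domain `puppetmaster_t` is questionable, but the reasoning belongs next to the assignment: `# Single type for the whole tree; read-only content is now protected by DAC only.` The enclosing class `puppet::server::common` continues past the hunk.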
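Review bot: The added `selinux::manage_fcontext { "/srv/puppet(/.*)?": type => "usr_t" }` claims the entire `/srv/puppet/...` subtree, while the `file` resources later in this class still set `seltype => $seltype` on `/srv/puppet/bucket`, `/srv/puppet/reports` and `/srv/puppet/files/...`, all of which resolve through this symlink into the datadir. Puppet will keep enforcing the explicit attribute, but a relabel that walks the link (`restorecon -R /srv/puppet/`, depending on whether the tool canonicalises the path first) would reset the runtime directories to `usr_t` and break the master's writes, and two registered rules now disagree about the default label under `/srv/puppet`. In this branch the link is the only object at that path, so narrow the pattern to it: `selinux::manage_fcontext { "/srv/puppet": type => "usr_t", before => File["/srv/puppet"], }`. Adjacent and pre-existing: `"${puppet_datadir}(/.*)?"` drops the datadir into a regex unescaped, which is harmless only as long as that path never contains metacharacters.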
@@ -335,21 +329,13 @@ class puppet::server::common inherits puppet::client {
 "openbsd" => "wheel",
 default => "root",
 },
- seltype => $seltype_readonly,
+ seltype => $seltype,
 require => Package["puppetmaster"],
 }
- }
- selinux::manage_fcontext { "/srv/puppet(/.*)?":
- type => $seltype_readonly,
- before => File["/srv/puppet"],
- }
- selinux::manage_fcontext { [
- "/srv/puppet/bucket(/.*)?",
- "/srv/puppet/reports(/.*)?",
- "/srv/puppet/rrd(/.*)?",
- ]:
- type => $seltype_writable,
- before => File["/srv/puppet/reports"],
+ selinux::manage_fcontext { "/srv/puppet(/.*)?":
+ type => $seltype,
+ before => File["/srv/puppet"],
+ }
 }
 file { [
 "/srv/puppet/bucket",
@@ -359,7 +345,7 @@ class puppet::server::common inherits puppet::client {
 mode => "0750",
 owner => $user,
 group => $group,
- seltype => $seltype_writable,
+ seltype => $seltype,
 require => File["/srv/puppet"],
 }
 file { [
 "/srv/puppet/files",
@@ -371,7 +357,7 @@ class puppet::server::common inherits puppet::client {
 "openbsd" => "wheel",
 default => "root",
 },
- seltype => $seltype_readonly,
+ seltype => $seltype,
 require => File["/srv/puppet"],
 }
 file { "/srv/puppet/files/common":
@@ -382,7 +368,7 @@ class puppet::server::common inherits puppet::client {
 "openbsd" => "wheel",
 default => "root",
 },
- seltype => $seltype_readonly,
+ seltype => $seltype,
 require => File["/srv/puppet/files"],
 }
 file { "/srv/puppet/files/private":
@@ -390,7 +376,7 @@ class puppet::server::common inherits puppet::client {
 mode => "0750",
 owner => "root",
 group => $group,
- seltype => $seltype_readonly,
+ seltype => $seltype,
 require => File["/srv/puppet/files"],
 }
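Review bot: The removed `selinux::manage_fcontext { "/srv/puppet(/.*)?": type => $seltype_readonly }` and the re-added one with `type => $seltype` (and `usr_t` in the symlink branch) share the same file-context key, and dropping a resource from the manifest does not unregister the entry on hosts that already applied it. If `selinux::manage_fcontext` is implemented with `semanage fcontext -a`, it will fail with "already defined" on upgraded hosts where the old `puppetmaster_t` mapping exists; its definition is not in this diff, so either confirm it modifies existing specs or add a one-off removal of the old entry. The brace move itself is correct: the surviving context `}` now closes the `else` (whose `if` opens outside this hunk) after the new fcontext, so the directory branch registers its own rule. A short comment on the new resource would help the next reader: `# Label the real /srv/puppet tree; the symlink case is handled in the if-branch above.`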