puppet: SELinux context fixes for server at least hopefully.

Timo Mkinen 2013-05-08 11:30:03 +03:00
parent 2ce573e809
commit eceba9a0d2


@ -195,11 +195,9 @@ class puppet::server {
class puppet::server::common inherits puppet::client {
if $::operatingsystem in ["CentOS","RedHat"] and $::operatingsystemrelease =~ /^[1-5]\..*/ {
$seltype_readonly = "var_lib_t"
$seltype_writable = "var_lib_t"
$seltype = "var_lib_t"
} else {
$seltype_readonly = "puppetmaster_t"
$seltype_writable = "puppet_var_lib_t"
$seltype = "puppet_var_lib_t"
}
case $::operatingsystem {
@ -276,7 +274,7 @@ class puppet::server::common inherits puppet::client {
mode => "0750",
owner => $user,
group => $group,
seltype => $seltype_readonly,
seltype => $seltype,
require => File["/srv/puppet"],
}
}
@ -305,27 +303,23 @@ class puppet::server::common inherits puppet::client {
"openbsd" => "wheel",
default => "root",
},
seltype => $seltype_readonly,
seltype => $seltype,
require => Package["puppetmaster"],
}
selinux::manage_fcontext { "${puppet_datadir}(/.*)?":
type => $seltype_readonly,
type => $seltype,
before => File[$puppet_datadir],
}
selinux::manage_fcontext { [
"${puppet_datadir}/bucket(/.*)?",
"${puppet_datadir}/reports(/.*)?",
"${puppet_datadir}/rrd(/.*)?",
]:
type => $seltype_writable,
before => File["/srv/puppet/reports"],
}
file { "/srv/puppet":
ensure => link,
target => $puppet_datadir,
seltype => $seltype_readonly,
seltype => "usr_t",
require => File[$puppet_datadir],
}
selinux::manage_fcontext { "/srv/puppet(/.*)?":
type => "usr_t",
before => File["/srv/puppet"],
}
} else {
file { "/srv/puppet":
ensure => directory,
@ -335,21 +329,13 @@ class puppet::server::common inherits puppet::client {
"openbsd" => "wheel",
default => "root",
},
seltype => $seltype_readonly,
seltype => $seltype,
require => Package["puppetmaster"],
}
}
selinux::manage_fcontext { "/srv/puppet(/.*)?":
type => $seltype_readonly,
before => File["/srv/puppet"],
}
selinux::manage_fcontext { [
"/srv/puppet/bucket(/.*)?",
"/srv/puppet/reports(/.*)?",
"/srv/puppet/rrd(/.*)?",
]:
type => $seltype_writable,
before => File["/srv/puppet/reports"],
selinux::manage_fcontext { "/srv/puppet(/.*)?":
type => $seltype,
before => File["/srv/puppet"],
}
}
file { [ "/srv/puppet/bucket",
@ -359,7 +345,7 @@ class puppet::server::common inherits puppet::client {
mode => "0750",
owner => $user,
group => $group,
seltype => $seltype_writable,
seltype => $seltype,
require => File["/srv/puppet"],
}
file { [ "/srv/puppet/files",
@ -371,7 +357,7 @@ class puppet::server::common inherits puppet::client {
"openbsd" => "wheel",
default => "root",
},
seltype => $seltype_readonly,
seltype => $seltype,
require => File["/srv/puppet"],
}
file { "/srv/puppet/files/common":
@ -382,7 +368,7 @@ class puppet::server::common inherits puppet::client {
"openbsd" => "wheel",
default => "root",
},
seltype => $seltype_readonly,
seltype => $seltype,
require => File["/srv/puppet/files"],
}
file { "/srv/puppet/files/private":
@ -390,7 +376,7 @@ class puppet::server::common inherits puppet::client {
mode => "0750",
owner => "root",
group => $group,
seltype => $seltype_readonly,
seltype => $seltype,
require => File["/srv/puppet/files"],
}