Merge pull request #5 from thoraxe/file-context-el

Updated to support different el versions

.gitignore

@@ -0,0 +1 @@
+*.swp

manifests/fcontext.pp

@@ -0,0 +1,47 @@
+# Definition: selinux::fcontext
+#
+# Description
+#  This method will manage a local file context setting, and will persist it across reboots.
+#  It will perform a check to ensure the file context is not already set.
+#  Anyplace you wish to use this method you must ensure that the selinux class is required
+#  first. Otherwise you run the risk of attempting to execute the semanage and that program
+#  will not yet be installed.
+#
+# Class created by Erik M Jacobs<[email protected]>
+#  Adds to puppet-selinux by jfryman
+#   https://github.com/jfryman/puppet-selinux
+#  Originally written/sourced from Lance Dillon<>
+#   http://riffraff169.wordpress.com/2012/03/09/add-file-contexts-with-puppet/
+#
+# Parameters:
+#   - $context: A particular file context, like "mysqld_log_t"
+#   - $pathname: An semanage fcontext-formatted pathname, like "/var/log/mysql(/.*)?"
+#
+# Actions:
+#  Runs "semanage fcontext" with options to persistently set the file context
+#
+# Requires:
+#  - SELinux
+#  - policycoreutils-python (for el-based systems)
+#
+# Sample Usage:
+#
+# selinux::fcontext{'set-samba-rootfolder-context':
+#   context => "mysqld_log_t",
+#   pathname => "/var/log/mysql(/.*)?",
+# }
+#
+define selinux::fcontext ( $context = "", $pathname = "", $policy = "targeted" ) {
+  Exec {
+    path => '/bin:/sbin:/usr/bin:/usr/sbin',
+  }
+
+  if ( $context == "" ) or ( $pathname == "" ) {
+    fail("context and pathname must not be empty")
+  }
+
+  exec { "add_${context}_${pathname}":
+    command => "semanage fcontext -a -t ${context} \"${pathname}\"",
+    unless => "semanage fcontext -l|grep \"^${pathname}.*:${context}:\"",
+  }
+}

manifests/init.pp

@@ -17,14 +17,18 @@
 #  include selinux
 #
 class selinux(
+
   $mode = 'permissive'
-) {
+
+  ) {
+
   include stdlib
   include selinux::params
-
-  anchor { 'selinux::begin': }
-  -> class { 'selinux::config':
-      mode => $mode,
+  
+  class { 'selinux::package': }
+    -> class { 'selinux::config':
+    mode => $mode,
   }
-  -> anchor { 'selinux::end': }
+  -> Class['selinux']
+
 }

manifests/package.pp

@@ -0,0 +1,37 @@
+# Class: selinux::package
+#
+# This module manages additional packages required to support some of the functions.
+#
+# Parameters:
+#
+# There are no default parameters for this class.
+#
+# Actions:
+#
+# Requires:
+#
+# Sample Usage:
+#
+# This class file is not called directly
+class selinux::package {
+  case $::operatingsystem {
+    centos,fedora,rhel,redhat,scientific: {
+      case $::operatingsystemrelease {
+        /^5.+$/: {
+          package { 'policycoreutils':
+            ensure => present,
+          }
+        }
+        /^6.+$/: {
+          package { 'policycoreutils-python':
+            ensure => present,
+          }
+        }
+      }
+    }
+    debian,ubuntu: {
+    }
+    opensuse,suse: {
+    }
+  }
+}