Created
January 24, 2013 22:35
selinux::fcontext puppet module that does not take ages to verify.
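# Add or remove a permanent SELinux local file context on the system.
# Normally this is done in a specific SELinux module, but the define can
# be used for one-offs.
#
# Parameters:
#   $ensure - 'present' adds the context, 'absent' deletes it; any other
#             value fails the catalog.
#   $type   - SELinux type passed to `semanage fcontext -t`.
#   $path   - file spec passed to semanage (single-quoted in the command).
#   $grep   - regular expression, anchored at line start by the check, used
#             to look for the entry in file_contexts.local.
#
# NOTE(review): $type, $path and $grep are interpolated into the command
# strings as-is. Pass only trusted, literal values; a single quote inside
# $path or $grep would break the quoting used below.
# NOTE(review): the idempotency check only tests whether '^$grep' matches a
# line of the local contexts file of the "targeted" policy. Unless $grep
# itself covers the type, an existing entry with a different type is not
# detected and would be left as it is -- confirm with `semanage fcontext -l`
# where the label matters.
define selinux::fcontext($ensure, $type, $path, $grep) {
  case $ensure {
    'present': {
      exec { "semanage-fcontext-${title}":
        command => "/usr/sbin/semanage fcontext -a -t ${type} '${path}'",
        # Skip the add when the entry is already in the local contexts file.
        unless  => "/bin/grep -q '^${grep}' /etc/selinux/targeted/contexts/files/file_contexts.local",
        #XXX: The command below is the canonical way to check for active persistent
        #     file contexts, but this takes ~5 seconds per run instead of the
        #     simple grep above because semanage fcontext -l takes a long time.
        #unless => "/usr/sbin/semanage fcontext -l | /bin/grep -q '^${grep}'",
      }
    }
    'absent': {
      exec { "semanage-fcontext-${title}":
        command => "/usr/sbin/semanage fcontext -d -t ${type} '${path}'",
        # Delete only while the entry exists. With `unless` here the delete
        # was skipped exactly when the entry was present, so the context was
        # never removed, and it was attempted on every run when it was absent.
        onlyif  => "/bin/grep -q '^${grep}' /etc/selinux/targeted/contexts/files/file_contexts.local",
        #XXX: The command below is the canonical way to check for active persistent
        #     file contexts, but this takes ~5 seconds per run instead of the
        #     simple grep above because semanage fcontext -l takes a long time.
        #onlyif => "/usr/sbin/semanage fcontext -l | /bin/grep -q '^${grep}'",
      }
    }
    default: {
      # fail() aborts catalog compilation with this message, so a mistyped
      # $ensure cannot silently leave the context unmanaged.
      fail("unknown ensure value ${ensure}")
    }
  }
}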