author | Brett Lentz <wakko666@gmail.com> | 2008-07-24 18:13:14 -0700 |
---|---|---|
committer | James Turnbull <james@lovedthanlost.net> | 2008-10-03 14:33:32 +1000 |
commit | e77ddc16570fd15b161db416e7dd35f95e7fb0ac (patch) | |
tree | 2e0ec7fbab51edc631ede11689d8a5c610fa4977 /lib/puppet/provider/selboolean | |
parent | 7272d49149815e038c67b1ae645b449a1ec2578a (diff) | |
Merged fsweetser's selinux patch against HEAD
Diffstat (limited to 'lib/puppet/provider/selboolean')
-rw-r--r-- | lib/puppet/provider/selboolean/getsetsebool.rb | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/lib/puppet/provider/selboolean/getsetsebool.rb b/lib/puppet/provider/selboolean/getsetsebool.rb
new file mode 100644
index 000000000..4614c6c38
--- /dev/null
+++ b/lib/puppet/provider/selboolean/getsetsebool.rb
@@ -0,0 +1,47 @@
+Puppet::Type.type(:selboolean).provide(:getsetsebool) do
+ desc "Manage SELinux booleans using the getsebool and setsebool binaries."
+
+ commands :getsebool => "/usr/sbin/getsebool"
+ commands :setsebool => "/usr/sbin/setsebool"
+
+ def value
+ self.debug "Retrieving value of selboolean #{@resource[:name]}"
+
+ status = getsebool(@resource[:name])
+
+ if status =~ / off$/ then
+ return :off
+ elsif status =~ / on$/ then
+ return :on
+ else
+ status.chomp!
+ raise Puppet::Error, "Invalid response '%s' returned from getsebool" % [status]
+ end
+ end
+
+ def value=(new)
+ persist = ""
+ if @resource[:persistent] == :true
+ self.debug "Enabling persistence"
+ persist = "-P"
+ end
+ execoutput("#{command(:setsebool)} #{persist} #{@resource[:name]} #{new}")
+ return :file_changed
+ end
+
+ # Required workaround, since SELinux policy prevents setsebool
+ # from writing to any files, even tmp, preventing the standard
+ # 'setsebool("...")' construct from working.
+
+ def execoutput (cmd)
+ output = ''
+ begin
+ execpipe(cmd) do |out|
+ output = out.readlines.join('').chomp!
+ end
+ rescue Puppet::ExecutionFailure
+ raise Puppet::ExecutionFailure, output.split("\n")[0]
+ end
+ return output
+ end
+end |
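Review bot: `value=` interpolates `@resource[:name]` and `new` into one command string for `execoutput`, so if `execpipe` hands that string to a shell (its implementation is not visible in this hunk), shell metacharacters in a resource name would be interpreted with the privileges Puppet runs under. Unless the selboolean type already restricts the name, which this hunk does not show, add a check before building the command, for example `raise Puppet::Error, "Invalid selboolean name" unless @resource[:name] =~ /\A\w+\z/`. Separately, in `execoutput`, `chomp!` returns nil when there is no trailing newline to strip, so `output` can become nil and the rescue's `output.split` would raise NoMethodError instead of reporting the setsebool failure. Using `output = out.readlines.join('').chomp` avoids that, and a comment on `execoutput` noting that it returns the command's output with the trailing newline removed would help the next reader.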