path: root/lib/puppet/type/selmodule.rb
blob: e76c18cc061e8db41007856dd522c786ee2d2ac0 (plain)
#
# Simple module for managing SELinux policy modules
#

# Declares the `selmodule` resource type: its parameters, the one property
# (`syncversion`) and the file autorequire. Loading and unloading are not
# implemented in this file.
#
# NOTE(review): the compiled policy file named by these parameters decides what
# SELinux policy ends up loaded, so it is worth managing that file with a `file`
# resource that pins owner and mode; the autorequire at the bottom then orders
# it before this resource.
Puppet::Type.newtype(:selmodule) do
  @doc = "Manages loading and unloading of SELinux policy modules
    on the system.  Requires SELinux support.  See man semodule(8)
    for more information on SELinux policy modules.
    
    **Autorequires:** If Puppet is managing the file containing this SELinux policy module (which is either explicitly specified in the `selmodulepath` attribute or will be found at {`selmoduledir`}/{`name`}.pp), the selmodule resource will autorequire that file."

  # Adds the standard `ensure` property to the type.
  ensurable

  # Namevar: the policy module name, without the .pp suffix.
  # NOTE(review): this value is interpolated into a file path in the
  # autorequire block and is not validated here, so a name containing a path
  # separator would resolve outside selmoduledir. Consider a validate hook
  # that restricts the accepted characters.
  newparam(:name) do
    desc "The name of the SELinux policy to be managed.  You should not
      include the customary trailing .pp extension."
    isnamevar
  end

  # Directory searched for NAME.pp when selmodulepath is not given.
  newparam(:selmoduledir) do
    desc "The directory to look for the compiled pp module file in.
      Currently defaults to `/usr/share/selinux/targeted`.  If selmodulepath
      is not specified the module will be looked for in this directory in a
      in a file called NAME.pp, where NAME is the value of the name parameter."

    defaultto("/usr/share/selinux/targeted")
  end

  # Explicit location of the compiled module; takes precedence over
  # selmoduledir in the autorequire block.
  # NOTE(review): no validation is declared here (for example that the value
  # is an absolute path); the string is used exactly as given.
  newparam(:selmodulepath) do
    desc "The full path to the compiled .pp policy module.  You only need to use
      this if the module file is not in the directory pointed at by selmoduledir."
  end

  # Only :true and :false are accepted.
  # NOTE(review): the description calls `false` the default, but no defaultto
  # is declared in this block; presumably an unset value is treated as false
  # by the provider. Confirm against the provider.
  newproperty(:syncversion) do
    desc "If set to `true`, the policy will be reloaded if the
    version found in the on-disk file differs from the loaded
    version.  If set to `false` (the default) the the only check
    that will be made is if the policy is loaded at all or not."

    [:true, :false].each { |flag| newvalue(flag) }
  end

  # Autorequire the file resource for the compiled module: the explicit
  # selmodulepath when set, otherwise <selmoduledir>/<name>.pp.
  autorequire(:file) do
    module_file = self[:selmodulepath]
    module_file ||= "#{self[:selmoduledir]}/#{self[:name]}.pp"
    [module_file]
  end
end