Defined Type: selinux::exec_restorecon

Defined in:
manifests/exec_restorecon.pp

Overview

selinux::exec_restorecon

A convenience wrapper around a restorecon exec

Will execute after all other SELinux changes have been applied, but before Anchor

Parameters:

  • path (Stdlib::Absolutepath) (defaults to: $title)

    The path to run restorecon on. Defaults to resource title.

  • recurse (Boolean) (defaults to: true)

    Whether restorecon should recurse. Defaults to true

  • refreshonly (Boolean) (defaults to: true)

    see the Exec resource

  • unless (Optional[String]) (defaults to: undef)

    see the Exec resource

  • onlyif (Optional[String]) (defaults to: undef)

    see the Exec resource



14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 
# File 'manifests/exec_restorecon.pp', line 14

define selinux::exec_restorecon(
  Stdlib::Absolutepath $path        = $title,
  Boolean              $refreshonly = true,
  Boolean              $recurse     = true,
  Optional[String]     $unless      = undef,
  Optional[String]     $onlyif      = undef,
) {
  include ::selinux
  $command = $recurse ? {
    true  => 'restorecon -R',
    false => 'restorecon',
  }

  exec {"selinux::exec_restorecon ${path}":
    path        => '/sbin:/usr/sbin',
    command     => sprintf('%s %s', $command, shellquote($path)),
    refreshonly => $refreshonly,
    unless      => $unless,
    onlyif      => $onlyif,
    before      => Anchor['selinux::end'],
  }

  Anchor['selinux::module post']  -> Exec["selinux::exec_restorecon ${path}"]
}