Defined Type: selinux::login

Defined in:
manifests/login.pp

Summary

Manage a SELinux login

Overview

This method will manage a selinux login, and will persist it across reboots.

Examples:

Add a map for the localuser to staff_u

selinux::login { 'localuser_staff_u':
  ensure   => 'present',
  selinux_login_name  => 'localuser',
  selinux_user => 'staff_u',
}

Parameters:

  • ensure (Enum['present', 'absent']) (defaults to: 'present')

    Set to present to add or absent to remove a selinux login.

  • selinux_login_name (String[1])

    A Linux user or group

  • selinux_user (String[1])

    The selinux user to map to



17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'manifests/login.pp', line 17

define selinux::login (
  String[1]                    $selinux_login_name,
  String[1]                    $selinux_user,
  Enum['present', 'absent'] $ensure = 'present',
) {
  include selinux

  if $ensure == 'present' {
    Anchor['selinux::module post']
    -> Selinux::Login[$title]
    -> Anchor['selinux::end']
  } elsif $ensure == 'absent' {
    Class['selinux::config']
    -> Selinux::Login[$title]
    -> Anchor['selinux::module pre']
  } else {
    fail('Unexpected $ensure value')
  }

  # Do nothing unless SELinux is enabled
  if $facts['os']['selinux']['enabled'] {
    selinux_login { $selinux_login_name:
      ensure             => $ensure,
      selinux_login_name => $selinux_login_name,
      selinux_user       => $selinux_user,
    }
  }
}