Defined Type: selinux::login

Defined in:
manifests/login.pp

Summary

Manage an SELinux login

Overview

This defined type manages an SELinux login mapping and persists it across reboots.

Examples:

Add a map for the localuser to staff_u

selinux::login { 'localuser_staff_u':
  ensure             => 'present',
  selinux_login_name => 'localuser',
  selinux_user       => 'staff_u',
}

Parameters:

  • ensure (Enum['present', 'absent']) (defaults to: 'present')

    Set to present to add or absent to remove an SELinux login.

  • selinux_login_name (String[1])

    A Linux user or group

  • selinux_user (String[1])

    The SELinux user to map to

  • selinux_mlsrange (Optional[String[1]]) (defaults to: undef)

    The MLS range to set. If undef, the MLS range of the SELinux user will be used.



# File 'manifests/login.pp', line 18

define selinux::login (
  String[1]                 $selinux_login_name,
  String[1]                 $selinux_user,
  Optional[String[1]]       $selinux_mlsrange = undef,
  Enum['present', 'absent'] $ensure           = 'present',
) {
  include selinux

  if $ensure == 'present' {
    Anchor['selinux::module post']
    -> Selinux::Login[$title]
    -> Anchor['selinux::end']
  } elsif $ensure == 'absent' {
    Class['selinux::config']
    -> Selinux::Login[$title]
    -> Anchor['selinux::module pre']
  } else {
    fail('Unexpected $ensure value')
  }

  # Do nothing unless SELinux is enabled
  if $facts['os']['selinux']['enabled'] {
    selinux_login { $selinux_login_name:
      ensure             => $ensure,
      selinux_login_name => $selinux_login_name,
      selinux_user       => $selinux_user,
      selinux_mlsrange   => $selinux_mlsrange,
    }
  }
}
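
Because the resource is skipped when SELinux is disabled, it is worth confirming after a Puppet run that the mapping from the example above actually exists. The following check is an added example, not part of this module's code; the helper name `check_login_map` is hypothetical, and the sample listing is constructed on the assumption of the usual `semanage login -l` column layout.

```shell
#!/bin/sh
# Constructed sample of `semanage login -l` output (not captured from a real host).
sample_login_list() {
  cat <<'EOF'

Login Name           SELinux User         MLS/MCS Range        Service

__default__          unconfined_u         s0-s0:c0.c1023       *
localuser            staff_u              s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *
EOF
}

# check_login_map LOGIN EXPECTED_USER [EXPECTED_RANGE]   (hypothetical helper)
# Reads a `semanage login -l` listing on stdin.
# Returns 0 if LOGIN maps as expected, 1 if it maps to something else,
# 2 if it has no row of its own and therefore falls back to __default__.
check_login_map() {
  awk -v login="$1" -v user="$2" -v range="${3:-}" '
    $1 == "Login" && $2 == "Name" { next }        # skip the header row
    $1 == login && NF >= 3 {
      found = 1
      if ($2 != user) {
        printf "%s: SELinux user is %s, expected %s\n", login, $2, user
        bad = 1
      }
      if (range != "" && $3 != range) {
        printf "%s: MLS range is %s, expected %s\n", login, $3, range
        bad = 1
      }
    }
    END {
      if (!found) {
        printf "%s: no explicit mapping, __default__ applies\n", login
        exit 2
      }
      exit (bad ? 1 : 0)
    }
  '
}

# On a managed host: semanage login -l | check_login_map localuser staff_u
sample_login_list | check_login_map localuser staff_u && echo "localuser -> staff_u: ok"
```

Exit status 2 is the case to alert on: the login has no mapping of its own, so it receives whatever `__default__` maps to.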