# File 'manifests/config.pp', line 3
class selinux::config {
  # Private class: assert_private() makes the catalog fail if this class is
  # declared from outside its own module, so the SELinux state can only be
  # driven through the $selinux::* parameters read below.
  assert_private()

  # Every resource below that changes the SELinux state notifies this one
  # resource, so a pending reboot is reported once with a single reason.
  reboot_notify { 'selinux':
    reason => 'A reboot is required to modify the selinux state',
  }

  selinux_state { 'set_selinux_state':
    ensure      => $selinux::ensure,
    autorelabel => $selinux::autorelabel,
    notify      => Reboot_notify['selinux'],
  }

  # Transition flags: compare what the node reports now (the os.selinux.enabled
  # fact) with the requested state. Neither flag is referenced again inside
  # this class body.
  $_selinux_active   = $facts['os']['selinux']['enabled']
  $_selinux_wanted   = member(['enforcing','permissive'], $selinux::state)
  $_enabling         = !$_selinux_active and $_selinux_wanted
  $_disabling        = $_selinux_active and !$_selinux_wanted

  # Optionally pin the state on the kernel command line as well. A state of
  # 'disabled' yields selinux=0, which turns SELinux off at boot; any other
  # state yields selinux=1 plus enforcing=0 (permissive: denials are logged
  # but not enforced) or enforcing=1. Review any change that moves a node to
  # 'disabled' or 'permissive' as a reduction of mandatory access control.
  if $selinux::kernel_enforce {
    $_selinux_param = $selinux::state ? {
      'disabled' => '0',
      default    => '1',
    }

    kernel_parameter { 'selinux':
      value  => $_selinux_param,
      notify => Reboot_notify['selinux'],
    }

    # The 'enforcing' parameter is only managed while SELinux stays enabled.
    if $selinux::state != 'disabled' {
      $_enforcing_param = $selinux::state ? {
        'permissive' => '0',
        default      => '1',
      }

      kernel_parameter { 'enforcing':
        value  => $_enforcing_param,
        notify => Reboot_notify['selinux'],
      }
    }
  }

  # Persistent SELinux configuration rendered from the module's EPP template.
  # root:root with mode 0644 keeps the file readable by everyone but writable
  # only by root.
  $_config_params = {
    state => $selinux::state,
    mode  => $selinux::mode,
  }

  file { '/etc/selinux/config':
    ensure  => 'file',
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => epp("${module_name}/etc/selinux/config", $_config_params),
  }
}