From 00febd8eced34cfbd756dca6c841e5c950a516d9 Mon Sep 17 00:00:00 2001
From: 12ww1160 <12ww1160@confdroid.com>
Date: Sat, 7 Mar 2026 11:07:31 +0100
Subject: [PATCH] OP#436 add file controls

---
 manifests/params.pp             |  1 +
 manifests/server/files.pp       | 53 +++++++++++++++++++++++++++++----
 templates/nagios/nagios_cfg.erb |  4 +--
 3 files changed, 49 insertions(+), 9 deletions(-)

diff --git a/manifests/params.pp b/manifests/params.pp
index 733e506..e7e3d6c 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -256,6 +256,7 @@ class confdroid_nagios::params (
   $ng_precached_obj_file      = "${ng_spool_dir}/objects.precache"
   $ng_status_file             = "${ng_spool_dir}/status.dat"
   $ng_command_file            = "${ng_cmd_dir}/nagios.cmd"
+  $ng_lock_file               = "${ng_run_dir}/nagios.pid"
 
 ## old
   $ng_taccgi_erb              = 'confdroid_nagios/selinux/taccgi.erb'
diff --git a/manifests/server/files.pp b/manifests/server/files.pp
index ab259e8..17fdcbe 100644
--- a/manifests/server/files.pp
+++ b/manifests/server/files.pp
@@ -9,12 +9,53 @@ class confdroid_nagios::server::files (
   require confdroid_nagios::main::dirs
   if $ng_nagios_server == $fqdn {
     file { $ng_nagios_cfg_file:
-      ensure  => file,
-      owner   => 'nagios',
-      group   => 'nagios',
-      mode    => '0644',
-      content => template($ng_nagios_cfg_erb),
-      notify  => Service[$ng_service],
+      ensure   => file,
+      owner    => 'nagios',
+      group    => 'nagios',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => nagios_etc_t,
+      seluser  => system_u,
+      content  => template($ng_nagios_cfg_erb),
+      notify   => Service[$ng_service],
+    }
+
+    file { $ng_nagios_cgi_cfg_file:
+      ensure   => file,
+      owner    => 'nagios',
+      group    => 'nagios',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => nagios_etc_t,
+      seluser  => system_u,
+      content  => template($ng_nagios_cgi_cfg_erb),
+      notify   => Service[$ng_service],
+    }
+
+    file { $ng_nagios_resource_cfg_file:
+      ensure   => file,
+      owner    => 'nagios',
+      group    => 'nagios',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => nagios_etc_t,
+      seluser  => system_u,
+      content  => template($ng_nagios_resource_cfg_erb),
+      notify   => Service[$ng_service],
+    }
+
+    file { $ng_lock_file:
+      ensure   => file,
+      owner    => 'nagios',
+      group    => 'nagios',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => nagios_var_run_t,
+      seluser  => system_u,
     }
   }
 }
diff --git a/templates/nagios/nagios_cfg.erb b/templates/nagios/nagios_cfg.erb
index 11ff4e4..9e4cb5f 100644
--- a/templates/nagios/nagios_cfg.erb
+++ b/templates/nagios/nagios_cfg.erb
@@ -36,13 +36,11 @@ command_file=<%= @ng_command_file %>
 
 query_socket=<%= @ng_cmd_dir %>/nagios.qh
 
-
-
 # LOCK FILE
 # This is the lockfile that Nagios will use to store its PID number
 # in when it is running in daemon mode.
 
-lock_file=/var/run/nagios/nagios.pid
+lock_file=<%= @ng_lock_file %>