From 0a68f80156895fa982915d291264997694502483 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Mon, 22 Oct 2018 18:53:55 +0200 Subject: [PATCH] updates selinux tools --- manifests/selinux/config.pp | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/manifests/selinux/config.pp b/manifests/selinux/config.pp index 9f2ae2e..eb74745 100644 --- a/manifests/selinux/config.pp +++ b/manifests/selinux/config.pp @@ -26,6 +26,8 @@ class cd_nagios::selinux::config ( if $ng_use_selinux_tools == true { + require cd_selinux + # it appears that selinux hehaves differently accross different nodes, # so all we can do for now is to create a list of the AVC alerts and come up # with a solution on that later. @@ -38,23 +40,23 @@ class cd_nagios::selinux::config ( } # sealert tac-cgi - exec { 'create_policy_taccgi': - command => template($ng_taccgi_erb), - path => ['/usr/bin','/usr/sbin'], - user => $ng_user, - cwd => $ng_user_home, - creates => "${ng_user_home}/my-taccgi.pp", - notify => Exec['semodule_taccgi'], - } +# exec { 'create_policy_taccgi': +# command => template($ng_taccgi_erb), +# path => ['/usr/bin','/usr/sbin'], +# user => $ng_user, +# cwd => $ng_user_home, +# creates => "${ng_user_home}/my-taccgi.pp", +# notify => Exec['semodule_taccgi'], +# } - exec { 'semodule_taccgi': - command => "semodule -i ${ng_user_home}/my-taccgi.pp", - path => ['/usr/bin','/usr/sbin'], - user => $ng_user, - cwd => $ng_user_home, - require => Exec['create_policy_taccgi'], - refreshonly => true, - } +# exec { 'semodule_taccgi': +# command => "semodule -i ${ng_user_home}/my-taccgi.pp", +# path => ['/usr/bin','/usr/sbin'], +# user => $ng_user, +# cwd => $ng_user_home, +# require => Exec['create_policy_taccgi'], +# refreshonly => true, +# } # sealert status.cgi