From 0bd13076fd01a31fad2102841de33ef653738ee5 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Thu, 3 Aug 2017 12:36:11 +0100 Subject: [PATCH] updated parameter documentation and README --- README.md | 4 ++-- manifests/params.pp | 10 +++++++--- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 9aed658..513a557 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ |Repo Name| version | Build Status| |---|---|---|---| -|`cd_selinux`| 0.0.0.4 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_selinux)](https://jenkins.confdroid.com/job/cd_selinux/)| +|`cd_selinux`| 0.0.1.0 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_selinux)](https://jenkins.confdroid.com/job/cd_selinux/)| ### Synopsis [Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies.](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) @@ -71,7 +71,7 @@ The following parameters are editable via params.pp or through ENC (**__recommen #### Optional Parameters * `sx_install_setools` : Whether to install additional selinux tools, i.e. for troubleshooting. - +* `sx_selinux_status` : Which selinux status should be configured, sets both the status in the configuration file and on commanbd line. Valid options are `enforcing` and `permissive`. Defaults to `enforcing`. ### SELINUX All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored. diff --git a/manifests/params.pp b/manifests/params.pp index b7429b2..c658b4f 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -25,9 +25,13 @@ # to choose, i.e. `latest` or `present`. # @param [boolean] sx_install_setools Whether to install additional selinux # tools, i.e. for troubleshooting. -# @param [string] sx_selinux_status The desired selinux status. Valid values -# are `enforcing`, ``permissive`, `disabled`. Note that changing from disabled -# to any othe other types requires a manual reboot to relable the file system. +# @param [string] sx_selinux_status The desired selinux status. Used for both +# managing the configuration file as well as the command line (setenforce). +# Valid values are `enforcing` and `permissive`. While the configuration file +# supports another option 'disabled', this option is not available on +# commandline. Note that changing the active selinux status from `disabled` +# to any the other types requires a manual reboot to re-lable the file system. +# This module does not do that for you to avoid unexpected outages. # @param [string] sx_selinux_type The desired selinux type. Valid options are # `targeted`, `minimum` and `mls`. ##############################################################################
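Review bot: In the README.md hunk at `@@ -1,6 +1,6 @@`, the table this version bump touches has a three-cell header row (`|Repo Name| version | Build Status|`) but a four-cell delimiter row (`|---|---|---|---|`). GitHub-flavoured Markdown only recognises a table when the two rows have the same number of cells, so the version and build badge may render as plain text. Since the row is being edited anyway, trim the delimiter to `|---|---|---|`.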
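Review bot: In the README.md hunk at `@@ -71,7 +71,7 @@`, the new `sx_selinux_status` bullet replaces the blank line that separated the parameter list from `### SELINUX`, so the heading now follows the list item directly. Keep a blank line between them. The added line also has a typo, "commanbd line", and the README entry omits the caveat that the params.pp documentation in this same patch gives: `disabled` is not accepted, and moving a node away from `disabled` needs a manual reboot. Users who only read the README would benefit from one sentence on that.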
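Review bot: In the manifests/params.pp hunk at `@@ -25,9 +25,13 @@`, the documentation narrows the valid values of `sx_selinux_status` to `enforcing` and `permissive`, but the hunk changes comments only and shows no check that rejects `disabled`. The previous text listed `disabled` as valid, so existing node data may still carry it, and per the new text that value would now be handed to `setenforce`, which does not accept it. Consider validating the parameter so the catalog fails with a clear message instead, for example with an `Enum['enforcing', 'permissive']` type if the module targets Puppet 4 or later. It would also help to state what happens on a node where SELinux is currently disabled, since the comment says the module will not reboot it. Wording: "to any the other types" and "re-lable" need fixing, and 'disabled' is quoted with apostrophes in one place and backticks in another.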