confdroid/confdroid_selinux
1
0
Fork 0
Code Issues Projects Wiki Activity

updated parameter documentation and README

Browse Source
This commit is contained in:
Arne Teuke
2017-08-03 12:36:11 +01:00
parent a1177ccacf
commit 0bd13076fd
2 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@@ -1,6 +1,6 @@
|Repo Name| version | Build Status|
|---|---|---|---|
|`cd_selinux`| 0.0.0.4 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_selinux)](https://jenkins.confdroid.com/job/cd_selinux/)|
|`cd_selinux`| 0.0.1.0 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_selinux)](https://jenkins.confdroid.com/job/cd_selinux/)|
### Synopsis
[Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies.](https://en.wikipedia.org/wiki/Security-Enhanced_Linux)
@@ -71,7 +71,7 @@ The following parameters are editable via params.pp or through ENC (**__recommen
#### Optional Parameters
* `sx_install_setools` : Whether to install additional selinux tools, i.e. for troubleshooting.
* `sx_selinux_status` : Which selinux status should be configured, sets both the status in the configuration file and on commanbd line. Valid options are `enforcing` and `permissive`. Defaults to `enforcing`.
### SELINUX
All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.

10
manifests/params.pp
View File

@@ -25,9 +25,13 @@
# to choose, i.e. `latest` or `present`.
# @param [boolean] sx_install_setools Whether to install additional selinux
# tools, i.e. for troubleshooting.
# @param [string] sx_selinux_status The desired selinux status. Valid values
# are `enforcing`, ``permissive`, `disabled`. Note that changing from disabled
# to any othe other types requires a manual reboot to relable the file system.
# @param [string] sx_selinux_status The desired selinux status. Used for both
# managing the configuration file as well as the command line (setenforce).
# Valid values are `enforcing` and `permissive`. While the configuration file
# supports another option 'disabled', this option is not available on
# commandline. Note that changing the active selinux status from `disabled`
# to any the other types requires a manual reboot to re-lable the file system.
# This module does not do that for you to avoid unexpected outages.
# @param [string] sx_selinux_type The desired selinux type. Valid options are
# `targeted`, `minimum` and `mls`.
##############################################################################