added selinux status configuration

README.md

@@ -1,6 +1,6 @@
 |Repo Name| version | Build Status|
 |---|---|---|---|
-|`cd_selinux`| 0.0.0.3 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_selinux)](https://jenkins.confdroid.com/job/cd_selinux/)|
+|`cd_selinux`| 0.0.0.4 | [![Build Status](https://jenkins.confdroid.com/buildStatus/icon?job=cd_selinux)](https://jenkins.confdroid.com/job/cd_selinux/)|
 
 ### Synopsis
 [Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies.](https://en.wikipedia.org/wiki/Security-Enhanced_Linux)
@@ -34,6 +34,9 @@
 Installation:
 * install binaries required for selinux and  related tools
 
+Configuration
+* manage /etc/sysconfig/selinux file (file system permissions, selinux context, content)
+* manage current selinux status (permissive,enforcing)
 
 
 ### Repo Structure
@@ -74,6 +77,8 @@ The following parameters are editable via params.pp or through ENC (**__recommen
 All files and directories are configured with correct selinux context. If selinux is disabled, these contexts are ignored.
 
 ### Known Problems
+* Systems configured with selinux disabled require a reboot for selinux to be enabled. This module will **__not__** do the reboot for you to avoid unexpected outages.
+
 
 ### Support
 * OS: CentOS 6, 7

manifests/main/config.pp

@@ -27,4 +27,12 @@ class cd_selinux::main::config (
 
   include cd_selinux::main::files
 
+  if $sx_selinux_status  == 'enforcing' {
+    exec { 'set_selinux_status':
+      command   =>  'setenforce 1',
+      path      =>  '/usr/sbin',
+      provider  =>  shell,
+      unless    =>  'getenforce | grep -i "enforcing"'
+    }
+  }
 }