Puppet Class: cd_selinux::params

Inherited by:
cd_selinux::main::dirs
cd_selinux::main::files
cd_selinux::main::config
cd_selinux::main::install
Defined in:
manifests/params.pp

Summary

Class holds all parameters for the cd_selinux module and is inherited by all classes except defines.

Overview

cd_selinux::params.pp Module name: cd_selinux Author: Arne Teuke (arne_teuke@ConfDroid.com)

License:

This file is part of cd_selinux.

cd_selinux is used for providing automatic configuration of SELINUX. Copyright (C) 2016 ConfDroid (copyright@ConfDroid.com) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see www.gnu.org/licenses/.

Parameters:

  • pkg_ensure (string) (defaults to: 'latest')

    which package type to choose, i.e. latest or present.

  • sx_install_setools (boolean) (defaults to: false)

    Whether to install additional selinux tools, i.e. for troubleshooting.

  • sx_selinux_status (string) (defaults to: 'enforcing')

    The desired selinux status. Used for both managing the configuration file as well as the command line (setenforce). Valid values are enforcing and permissive. While the configuration file supports another option 'disabled', this option is not available on commandline. Note that changing the active selinux status from disabled to any the other types requires a manual reboot to re-lable the file system. This module does not do that for you to avoid unexpected outages.

  • sx_selinux_type (string) (defaults to: 'targeted')

    The desired selinux type. Valid options are targeted, minimum and mls.



38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
 
# File 'manifests/params.pp', line 38

class cd_selinux::params (

$pkg_ensure           = 'latest',

$sx_install_setools   = false,
$sx_selinux_status    = 'enforcing',
$sx_selinux_type      = 'targeted',

) {

# installation section
$reqpackages_main  = $::operatingsystem ? {
    /(?i-mx:centos|fedora|redhat)/ => ['selinux-policy','policycoreutils'],
  }

$reqpackages_tools  = $::operatingsystem ? {
    /(?i-mx:centos|fedora|redhat)/ => ['setroubleshoot-server',
                                        'policycoreutils-python'],
  }

# directories
$sx_main_dir        = '/etc/selinux'

# files
$sx_main_file       = "${sx_main_dir}/config"
$sx_main_file_erb   = 'cd_selinux/main/selinux_config.erb'


# includes must be last
  include cd_selinux::main::config
}