Puppet Class: cd_selinux::params

Inherited by:
cd_selinux::main::dirs
cd_selinux::main::files
cd_selinux::main::config
cd_selinux::main::install
Defined in:
manifests/params.pp

Summary

Class holds all parameters for the cd_selinux module and is inherited by all classes except defines.

Overview

cd_selinux::params.pp Module name: cd_selinux Author: Arne Teuke (arne_teuke@ConfDroid.com)

Parameters:

  • pkg_ensure (String) (defaults to: 'latest')

    which package type to choose, i.e. latest or present.

  • sx_install_setools (Boolean) (defaults to: false)

    Whether to install additional selinux tools, i.e. for troubleshooting.

  • sx_selinux_status (String) (defaults to: 'enforcing')

    The desired selinux status. Used for both managing the configuration file as well as the command line (setenforce). Valid values are enforcing and permissive. While the configuration file supports another option ‘disabled’, this option is not available on commandline. Note that changing the active selinux status from disabled to any the other types requires a manual reboot to re-label the file system. This module does not do that for you to avoid unexpected outages.

  • sx_selinux_type (String) (defaults to: 'targeted')

    The desired selinux type. Valid options are targeted, minimum and mls.



21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
 
# File 'manifests/params.pp', line 21

class cd_selinux::params (

  String $pkg_ensure           = 'latest',

  Boolean $sx_install_setools  = false,
  String $sx_selinux_status    = 'enforcing',
  String $sx_selinux_type      = 'targeted',

) {
# installation section
  $reqpackages_main  = $::operatingsystem ? {
    /(?i-mx:centos|fedora|redhat)/ => ['selinux-policy','policycoreutils'],
  }

  $reqpackages_tools  = $::operatingsystem ? {
    /(?i-mx:centos|fedora|redhat)/ => ['setroubleshoot-server','policycoreutils-python'],
  }

# directories
  $sx_main_dir        = '/etc/selinux'

# files
  $sx_main_file       = "${sx_main_dir}/config"
  $sx_main_file_erb   = 'cd_selinux/main/selinux_config.erb'

# includes must be last
  include cd_selinux::main::config
}