File tree Expand file tree Collapse file tree 3 files changed +28
-4
lines changed Expand file tree Collapse file tree 3 files changed +28
-4
lines changed Original file line number Diff line number Diff line change 6565 }
6666 # update SELinux
6767 if $::selinux_config_mode == ' enforcing'
68- file {'get-SEL-policy' :
69- path => ' /usr/share/selinux/targeted/nginx.pp'
70- source => ' puppet:///modules/puppet/nginx.selmodule'
71- } ->
7268 package {'policycoreutils' :
7369 ensure => ' latest'
7470 } ->
71+ file { 'selinux template' :
72+ path => ' /tmp/nginx.te'
73+ ensure => file ,
74+ content => template (' puppet/unicorn_selinux_template'
75+ } ->
76+ exec { 'building selinux module from template' :
77+ path => [ " /usr/bin" " /usr/local/bin"
78+ command => ' checkmodule -M -m -o /tmp/nginx.mod /tmp/nginx.te'
79+ } ->
80+ exec { 'building selinux policy package from module' :
81+ path => [ " /usr/bin" " /usr/local/bin"
82+ command => ' semodule_package -o /tmp/nginx.pp -m /tmp/nginx.mod'
83+ } ->
84+ file { "/usr/share/selinux/targeted/nginx.pp" :
85+ source => ' /tmp/nginx.pp'
86+ } ->
7587 selmodule {'nginx' :
7688 ensure => ' present'
7789 syncversion => true ,
Original file line number Diff line number Diff line change 1+ module nginx 1.0;
2+ require {
3+ type httpd_t;
4+ type puppet_var_run_t;
5+ class process setrlimit;
6+ class sock_file write;
7+ class dir search;
8+ }
9+
10+ #============= httpd_t ==============
11+ allow httpd_t puppet_var_run_t:sock_file write;
12+ allow httpd_t puppet_var_run_t:dir search;
You can’t perform that action at this time.
0 commit comments