selinux
Table of Contents
- Overview
- Module Description - What the module does and why it is useful
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Defined Types
- Development - Guide for contributing to the module
- Authors
Overview
This class manages SELinux on RHEL-based systems.
Requirements
- Puppet-2.7.0 or later
- Facter 1.7.0 or later
- Ruby-1.9.3 or later (Support for Ruby-1.8.7 is not guaranteed. YMMV).
Module Description
This module will configure SELinux and/or deploy SELinux-based modules to a running system.
Requires puppetlabs/stdlib [https://github.com/puppetlabs/puppetlabs-stdlib]
Usage
Parameters:
- $mode (enforcing|permissive|disabled) - sets the operating state for SELinux.
- $type (targeted|minimum|mls) - sets the enforcement type.
- $manage_package (boolean) - Whether or not to manage the SELinux management package.
- $package_name (string) - sets the name of the selinux management package.
Reference
Basic usage
include selinux
This will include the module and allow you to use the provided defined types, but will not modify existing SELinux settings on the system.
More advanced usage
class { 'selinux':
  mode => 'enforcing',
  type => 'targeted',
}
This will include the module and manage the SELinux mode (possible values are enforcing, permissive, and disabled) and enforcement type (possible values are targeted, minimum, and mls). Note that disabling SELinux requires a reboot to fully take effect. It will run in permissive mode until then.
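The reboot caveat above can be checked on a node. The following shell sketch is an added example, not part of this module: it compares the SELINUX= value persisted in /etc/selinux/config with the mode reported by getenforce. The function names and the state labels it prints are assumptions made for this example.

```shell
#!/bin/sh
# Added example: detect a mismatch between the persisted SELinux mode and
# the mode the kernel is currently running in.

# Print the SELINUX= value from a config file (default /etc/selinux/config).
# Comment lines and the SELINUXTYPE= line do not match the pattern.
configured_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' \
        "${1:-/etc/selinux/config}" | tail -n 1
}

# Classify a (configured, runtime) pair. The runtime value is what
# getenforce prints: Enforcing, Permissive or Disabled.
# The labels printed here are hypothetical names for this example.
selinux_state() {
    conf=$1
    run=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case "$conf" in
        enforcing|permissive|disabled) ;;
        *) echo "invalid-config"; return 0 ;;
    esac
    if [ "$conf" = "$run" ]; then
        echo "in-sync"
    elif [ "$conf" = "disabled" ] || [ "$run" = "disabled" ]; then
        # Switching to or from disabled only completes after a reboot.
        echo "reboot-pending"
    else
        # enforcing vs. permissive differs at runtime, e.g. after setenforce.
        echo "runtime-drift"
    fi
}

# On an SELinux host, check the live system. Elsewhere, fall back to a
# constructed sample: config says disabled, kernel is still permissive.
if command -v getenforce >/dev/null 2>&1 && [ -r /etc/selinux/config ]; then
    selinux_state "$(configured_mode)" "$(getenforce)"
else
    sample=$(mktemp)
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$sample"
    selinux_state "$(configured_mode "$sample")" "Permissive"
    rm -f "$sample"
fi
```

A result of reboot-pending after a Puppet run that set the mode to disabled is the state described above, and clears once the node has been rebooted.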
Deploy a custom module
selinux::module { 'resnet-puppet':
  ensure => 'present',
  source => 'puppet:///modules/site_puppet/site-puppet.te',
}
Set a boolean value
selinux::boolean { 'puppetagent_manage_all_files': }
Defined Types
- boolean - Set seboolean values
- fcontext - Define fcontext types and equals values
- module - Manage an SELinux module
- permissive - Set a context to permissive.
- port - Set selinux port context policies
Development
Authors
James Fryman james@fryman.io