diff options
| author | mh <mh@immerda.ch> | 2012-02-12 15:43:28 +0100 |
|---|---|---|
| committer | mh <mh@immerda.ch> | 2012-02-12 15:43:28 +0100 |
| commit | 8d61ad7c8a76adf378a319245d655cf0fce18d25 (patch) | |
| tree | d54fbf9bbdb80573d2086ed19a965c493b6d7ee3 /manifests | |
| parent | 89495dae91ac87b7dad314d6e1c3737913865e2b (diff) | |
manage selinux stuff
Diffstat (limited to 'manifests')
| -rw-r--r-- | manifests/centos.pp | 10 | ||||
| -rw-r--r-- | manifests/defaultdavdbdir.pp | 18 | ||||
| -rw-r--r-- | manifests/defaultphpdirs.pp | 15 | ||||
| -rw-r--r-- | manifests/init.pp | 6 |
4 files changed, 39 insertions, 10 deletions
diff --git a/manifests/centos.pp b/manifests/centos.pp index 6bb9ed8..0c3ee45 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -28,6 +28,16 @@ class apache::centos inherits apache::package { path => '/var/www/html/index.html', } + if $::selinux != 'false' { + selinux::fcontext{ + ['/var/www/vhosts/.+/www(/.*)?', + '/var/www/vhosts/.+/non_public(/.*)?', + '/var/www/vhosts/.+/g2data(/.*)?', + '/var/www/vhosts/.+/upload(/.*)?' ]: + setype => 'httpd_sys_rw_content_t', + before => File[web_dir]; + } + } file{'apache_service_config': path => '/etc/sysconfig/httpd', source => [ "puppet:///modules/site-apache/service/CentOS/${fqdn}/httpd", diff --git a/manifests/defaultdavdbdir.pp b/manifests/defaultdavdbdir.pp index 186871c..c0e2a81 100644 --- a/manifests/defaultdavdbdir.pp +++ b/manifests/defaultdavdbdir.pp @@ -1,7 +1,17 @@ class apache::defaultdavdbdir { - file{'/var/www/dav_db_dir': - ensure => directory, - require => Package['apache'], - owner => root, group => 0, mode => 0755; + file { + '/var/www/dav_db_dir' : + ensure => directory, + require => Package['apache'], + owner => root, + group => 0, + mode => 0755 ; + } + if $::selinux != 'false' { + selinux::fcontext { + ['/var/www/dav_db_dir/.+(/.*)?'] : + setype => 'httpd_var_lib_t', + before => File['/var/www/dav_db_dir'] ; + } } } diff --git a/manifests/defaultphpdirs.pp b/manifests/defaultphpdirs.pp index eba060a..e8b3e4e 100644 --- a/manifests/defaultphpdirs.pp +++ b/manifests/defaultphpdirs.pp @@ -1,12 +1,21 @@ class apache::defaultphpdirs { - file{'/var/www/upload_tmp_dir': + file{ + '/var/www/upload_tmp_dir': ensure => directory, require => Package['apache'], owner => root, group => 0, mode => 0755; - } - file{'/var/www/session.save_path': + '/var/www/session.save_path': ensure => directory, require => Package['apache'], owner => root, group => 0, mode => 0755; } + + if $::selinux != 'false' { + selinux::fcontext{ + ['/var/www/upload_tmp_dir/.+(/.*)?', + '/var/www/session.save_path/.+(/.*)?']: + setype => 'httpd_sys_rw_content_t', + before => File['/var/www/upload_tmp_dir','/var/www/session.save_path']; + } + } } diff --git a/manifests/init.pp b/manifests/init.pp index c6b24a8..db1a077 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -19,7 +19,7 @@ # $apache_default_group: Set this to the group with which the # apache is running. class apache { - case $operatingsystem { + case $::operatingsystem { centos: { include apache::centos } gentoo: { include apache::gentoo } debian: { include apache::debian } @@ -27,10 +27,10 @@ class apache { openbsd: { include apache::openbsd } default: { include apache::base } } - if $use_munin { + if hiera('use_munin',false) { include apache::status } - if $use_shorewall { + if hiera('use_shorewall',false) { include shorewall::rules::http } } |