From 8d61ad7c8a76adf378a319245d655cf0fce18d25 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 12 Feb 2012 15:43:28 +0100 Subject: manage selinux stuff --- manifests/centos.pp | 10 ++++++++++ manifests/defaultdavdbdir.pp | 18 ++++++++++++++---- manifests/defaultphpdirs.pp | 15 ++++++++++++--- manifests/init.pp | 6 +++--- 4 files changed, 39 insertions(+), 10 deletions(-) diff --git a/manifests/centos.pp b/manifests/centos.pp index 6bb9ed8..0c3ee45 100644 --- a/manifests/centos.pp +++ b/manifests/centos.pp @@ -28,6 +28,16 @@ class apache::centos inherits apache::package { path => '/var/www/html/index.html', } + if $::selinux != 'false' { + selinux::fcontext{ + ['/var/www/vhosts/.+/www(/.*)?', + '/var/www/vhosts/.+/non_public(/.*)?', + '/var/www/vhosts/.+/g2data(/.*)?', + '/var/www/vhosts/.+/upload(/.*)?' ]: + setype => 'httpd_sys_rw_content_t', + before => File[web_dir]; + } + } file{'apache_service_config': path => '/etc/sysconfig/httpd', source => [ "puppet:///modules/site-apache/service/CentOS/${fqdn}/httpd", diff --git a/manifests/defaultdavdbdir.pp b/manifests/defaultdavdbdir.pp index 186871c..c0e2a81 100644 --- a/manifests/defaultdavdbdir.pp +++ b/manifests/defaultdavdbdir.pp @@ -1,7 +1,17 @@ class apache::defaultdavdbdir { - file{'/var/www/dav_db_dir': - ensure => directory, - require => Package['apache'], - owner => root, group => 0, mode => 0755; + file { + '/var/www/dav_db_dir' : + ensure => directory, + require => Package['apache'], + owner => root, + group => 0, + mode => 0755 ; + } + if $::selinux != 'false' { + selinux::fcontext { + ['/var/www/dav_db_dir/.+(/.*)?'] : + setype => 'httpd_var_lib_t', + before => File['/var/www/dav_db_dir'] ; + } } } diff --git a/manifests/defaultphpdirs.pp b/manifests/defaultphpdirs.pp index eba060a..e8b3e4e 100644 --- a/manifests/defaultphpdirs.pp +++ b/manifests/defaultphpdirs.pp 
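Review bot: The new `selinux::fcontext` list in manifests/centos.pp labels each vhost's whole `www` tree as `httpd_sys_rw_content_t`, so the SELinux policy lets httpd write anywhere in the docroot, including files it later serves or interprets; read-only content would normally carry `httpd_sys_content_t`, with the rw type kept for `upload`, `g2data` and other paths that really need writes. The `.+` in each pattern also crosses `/`, so a directory named `www` or `upload` at any depth below `/var/www/vhosts` matches; `'/var/www/vhosts/[^/]+/www(/.*)?'` pins the rule to one vhost level. `before => File[web_dir]` only orders the rule ahead of directory creation, and whether `selinux::fcontext` relabels paths that already exist is not visible here, so existing hosts may need a `restorecon -R`; the same applies to the rules added in defaultdavdbdir.pp and defaultphpdirs.pp. The `apache::centos` class starts above and continues below this hunk.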
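Review bot: The guard `if $::selinux != 'false'` in manifests/defaultdavdbdir.pp is also true when the fact is unset, so on a node where Facter does not report `selinux` the `selinux::fcontext` resource is still declared; with the string-valued fact this code assumes, `if $::selinux == 'true' {` matches only hosts that report SELinux as enabled. Nothing in this class restricts it to CentOS, and init.pp in the same patch also dispatches to gentoo, debian and openbsd, so the case is reachable; the identical guard is used in defaultphpdirs.pp. Separately, `'/var/www/dav_db_dir/.+(/.*)?'` is equivalent to `'/var/www/dav_db_dir/.+'` because `.+` already matches `/`, and it leaves `/var/www/dav_db_dir` itself on its default type, which looks intended but deserves a one-line comment.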
@@ -1,12 +1,21 @@ class apache::defaultphpdirs { - file{'/var/www/upload_tmp_dir': + file{ + '/var/www/upload_tmp_dir': ensure => directory, require => Package['apache'], owner => root, group => 0, mode => 0755; - } - file{'/var/www/session.save_path': + '/var/www/session.save_path': ensure => directory, require => Package['apache'], owner => root, group => 0, mode => 0755; } + + if $::selinux != 'false' { + selinux::fcontext{ + ['/var/www/upload_tmp_dir/.+(/.*)?', + '/var/www/session.save_path/.+(/.*)?']: + setype => 'httpd_sys_rw_content_t', + before => File['/var/www/upload_tmp_dir','/var/www/session.save_path']; + } + } } diff --git a/manifests/init.pp b/manifests/init.pp index c6b24a8..db1a077 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -19,7 +19,7 @@ # $apache_default_group: Set this to the group with which the # apache is running. class apache { - case $operatingsystem { + case $::operatingsystem { centos: { include apache::centos } gentoo: { include apache::gentoo } debian: { include apache::debian } @@ -27,10 +27,10 @@ class apache { openbsd: { include apache::openbsd } default: { include apache::base } } - if $use_munin { + if hiera('use_munin',false) { include apache::status } - if $use_shorewall { + if hiera('use_shorewall',false) { include shorewall::rules::http } } -- cgit v1.2.3
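Review bot: The `.` in `'/var/www/session.save_path/.+(/.*)?'` is a regex wildcard in a file-context pattern and should be escaped, e.g. `'/var/www/session\.save_path/.+'`; the trailing `(/.*)?` adds nothing because `.+` already matches `/`. As written, both patterns cover only entries below the two directories, not the root-owned directories themselves, which looks deliberate (httpd gets the rw type only on the subdirectories) and is worth stating in a comment above the `selinux::fcontext` block.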
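Review bot: Replacing `$use_munin` and `$use_shorewall` with `hiera('use_munin',false)` and `hiera('use_shorewall',false)` in manifests/init.pp means nodes that still set the old variables silently stop including `apache::status` and `shorewall::rules::http`, and neither the commit message nor the visible header comment mentions the new keys. Both hiera keys should be documented next to the existing `$apache_default_group` entry in the class header. A hiera value stored as the string `'false'` is truthy in a Puppet `if`, so the data needs a real boolean for the switch to be off. The `apache` class body opens in the preceding hunk of this file.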