Puppet Class: r_profile::linux::selinux

Defined in:
manifests/linux/selinux.pp

Overview

R_profile::Linux::Selinux

Management of SELinux and optional removal of the setroubleshoot debug package

Parameters:

  • sel_mode (Enum['noop', 'enforcing', 'permissive', 'disabled']) (defaults to: hiera("r_profile::linux::selinux::mode", 'noop'))

    The SELinux mode to enforce on this node. noop means leave the current SELinux mode alone; the remaining allowed values force the SELinux mode to be set as requested. Don’t forget that you usually have to reboot after changing the mode. To avoid accidentally rebooting systems, this module does not do this for you.

  • remove_troubleshoot (Boolean) (defaults to: hiera("r_profile::linux::selinux::remove_troubleshoot", false))

    true to remove the setroubleshoot package, false to leave it alone



# File 'manifests/linux/selinux.pp', line 12

class r_profile::linux::selinux(
    Enum['noop', 'enforcing', 'permissive', 'disabled'] $sel_mode =
      hiera("r_profile::linux::selinux::mode", 'noop'),
    Boolean $remove_troubleshoot =
      hiera("r_profile::linux::selinux::remove_troubleshoot", false),
) {

  if $sel_mode != "noop" {
    # if we have been requested to reconfigure SELinux, do so...
    class { "selinux":
      mode => $sel_mode,
    }
  }

  if $remove_troubleshoot {
    # Remove setroubleshoot if we have been requested to
    package { "setroubleshoot":
      ensure => absent,
    }
  }
}
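
The sel_mode description leaves the reboot to the operator, so a node can keep running in a mode other than the one written to disk. The following shell check is an added example, not part of r_profile or the selinux module: it compares the mode in an SELinux config file with the running mode reported by getenforce. The function names and status strings are hypothetical, and /etc/selinux/config is assumed to be the config path.

```shell
#!/bin/sh
# Added example (not part of r_profile): compare the SELinux mode written to
# disk with the mode the kernel is running in.

# configured_mode FILE
# Print the value of the first SELINUX= line, lowercased. Comment lines and
# SELINUXTYPE= do not match the pattern.
configured_mode() {
    sed -n 's/^SELINUX=\([A-Za-z]*\).*$/\1/p' "$1" 2>/dev/null |
        head -n 1 | tr '[:upper:]' '[:lower:]'
}

# mode_status FILE RUNTIME_MODE
# RUNTIME_MODE is getenforce output (Enforcing, Permissive or Disabled).
# Prints: in-sync, runtime-differs, reboot-required or unknown.
mode_status() {
    want=$(configured_mode "$1")
    have=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case "$want" in
        enforcing|permissive|disabled) ;;
        *) echo unknown; return 0 ;;
    esac
    case "$have" in
        enforcing|permissive|disabled) ;;
        *) echo unknown; return 0 ;;
    esac
    if [ "$want" = "$have" ]; then
        echo in-sync
    elif [ "$want" = disabled ] || [ "$have" = disabled ]; then
        # Moving into or out of disabled only happens at boot.
        echo reboot-required
    else
        # enforcing <-> permissive differs from the file; setenforce or a
        # reboot brings the running kernel in line.
        echo runtime-differs
    fi
}

# Run against the local node only when the SELinux tools are installed.
if command -v getenforce >/dev/null 2>&1; then
    mode_status /etc/selinux/config "$(getenforce)"
fi
```

Any status other than in-sync after a Puppet run with sel_mode set means the node is not yet running in the mode the catalog requested.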