Defined Type: selinux::permissive

Defined in:
manifests/permissive.pp

Overview

Set SELinux type to permissive

Examples:

Mark oddjob_mkhomedir_t permissive

selinux::permissive { 'oddjob_mkhomedir_t':
  ensure => 'present'
}

Parameters:

  • ensure (Enum['present', 'absent']) (defaults to: 'present')

    Set to present to add or absent to remove a permissive mode of a type

  • seltype (String) (defaults to: $title)

    A particular selinux type to make permissive, like “oddjob_mkhomedir_t”



11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
# File 'manifests/permissive.pp', line 11

define selinux::permissive (
  String $seltype = $title,
  Enum['present', 'absent'] $ensure = 'present',
) {
  include selinux
  if $ensure == 'present' {
    Anchor['selinux::module post']
    -> Selinux::Permissive[$title]
    -> Anchor['selinux::end']
  } else {
    Anchor['selinux::start']
    -> Selinux::Permissive[$title]
    -> Anchor['selinux::module pre']
  }

  if $facts['os']['selinux']['enabled'] {
    selinux_permissive { $seltype:
      ensure => $ensure,
    }
  }
}