Permanently setting SELinux file contexts

asked 2013-06-11

marc.teale gravatar image

updated 2013-06-11

I've never implemented SELinux using Puppet before, and I'm having trouble figuring out how to set permanent file contexts.

For the following command, what would be the equivalent Puppet syntax? Simply pointing me at the correct section of the documentation might be enough.

semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)/wp-content/upgrade(/.*)?"

I am running Puppet 2.7 on CentOS 6.4.

answered 2013-06-11

GregLarkin gravatar image

updated 2013-06-11

After checking the docs and Puppet 3.1.1 source code, it doesn't appear Puppet supports this directly. However, I did find several links to manifests that simply implement "semanage fcontext" with an exec call.

Since I don't have karma to post links yet, please Google "gist 4628864" and you will see an example that might help you.

Here's an SELinux module that may work for you:

Usage example (taken from here):

    file { $wiki_datadir:
        ensure  => directory,
        mode    => "0755",
        owner   => "root",
        group   => "root",
        seltype => "httpd_sys_rw_content_t",
    selinux::manage_fcontext ...
