2

Permanently setting SELinux file contexts

asked 2013-06-11 11:18:33 -0500

marc.teale

updated 2013-06-11 12:51:39 -0500

I've never implemented SELinux using Puppet before, and I'm having trouble figuring out how to set permanent file contexts.

For the following command, what would be the equivalent Puppet syntax? Simply pointing me at the correct section of the documentation might be enough.

    semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)/wp-content/upgrade(/.*)?"

I am running Puppet 2.7 on CentOS 6.4.


1 Answer

2

answered 2013-06-11 12:23:40 -0500

GregLarkin

updated 2013-06-11 14:48:37 -0500

After checking the docs and Puppet 3.1.1 source code, it doesn't appear Puppet supports this directly. However, I did find several links to manifests that simply implement "semanage fcontext" with an exec call.

Since I don't have karma to post links yet, please Google "gist 4628864" and you will see an example that might help you.

Here's an SELinux module that may work for you: https://bitbucket.org/tmakinen/puppet/src/c0d847631506e3e11ed9e5499bb4d08317522bdd/wiki/manifests/init.pp

Usage example (taken from here):

    file { $wiki_datadir:
        ensure  => directory,
        mode    => "0755",
        owner   => "root",
        group   => "root",
        seltype => "httpd_sys_rw_content_t",
    }
    selinux::manage_fcontext ...
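The exec-based approach described in the answer above, sketched as an added example that is not part of the original answer or of the linked module. `selinux_fcontext` is a hypothetical defined type; the guard assumes `semanage fcontext -l` prints contexts with an MLS field (for example `system_u:object_r:httpd_sys_rw_content_t:s0`).

```puppet
# Added example. selinux_fcontext is a hypothetical defined type, not part of
# Puppet or of the module linked above.
# On CentOS 6, semanage ships in the policycoreutils-python package.
package { 'policycoreutils-python':
  ensure => installed,
}

# $name is the file-context regex; $restore_path is the tree to relabel.
define selinux_fcontext ($seltype, $restore_path) {
  Exec {
    path     => ['/usr/sbin', '/sbin', '/usr/bin', '/bin'],
    provider => shell,  # the guard below uses a pipe
  }

  exec { "semanage-fcontext-${name}":
    # -a fails when the spec already exists with another type, so fall back to -m.
    command => "semanage fcontext -a -t ${seltype} '${name}' || semanage fcontext -m -t ${seltype} '${name}'",
    # Skip when the policy already maps this spec to the wanted type.
    # grep -F is a fixed-string (substring) match, so a longer spec that
    # contains this one would also satisfy the guard.
    unless  => "semanage fcontext -l | grep -F -- '${name}' | grep -q ':${seltype}:'",
    require => Package['policycoreutils-python'],
    notify  => Exec["restorecon-${name}"],
  }

  # Relabel existing files only when the policy entry was just changed.
  exec { "restorecon-${name}":
    command     => "restorecon -R ${restore_path}",
    refreshonly => true,
  }
}

# The spec and type are the ones from the question.
selinux_fcontext { '/var/www/html(/.*)/wp-content/upgrade(/.*)?':
  seltype      => 'httpd_sys_rw_content_t',
  restore_path => '/var/www/html',
}
```

A `seltype` on a `file` resource labels only that managed path; the `semanage fcontext` entry is what makes the label survive a later `restorecon` or full relabel.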
