Permanently setting SELinux file contexts

asked 2013-06-11 11:18:33 -0600

marc.teale

updated 2013-06-11 12:51:39 -0600

I've never implemented SELinux using Puppet before, and I'm having trouble figuring out how to set permanent file contexts.

For the following command, what would be the equivalent Puppet syntax? Simply pointing me at the correct section of the documentation might be enough.

    semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)/wp-content/upgrade(/.*)?"

I am running Puppet 2.7 on CentOS 6.4.


1 Answer


answered 2013-06-11 12:23:40 -0600

GregLarkin

updated 2013-06-11 14:48:37 -0600

After checking the docs and Puppet 3.1.1 source code, it doesn't appear Puppet supports this directly. However, I did find several links to manifests that simply implement "semanage fcontext" with an exec call.

Since I don't have karma to post links yet, please Google "gist 4628864" and you will see an example that might help you.

Here's an SELinux module that may work for you:

Usage example (taken from here):

    file { $wiki_datadir:
        ensure  => directory,
        mode    => "0755",
        owner   => "root",
        group   => "root",
        seltype => "httpd_sys_rw_content_t",
    }
    selinux::manage_fcontext ...
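The exec-based approach the answer describes, as an added example that is not taken from the gist or the module mentioned above. It wraps the question's `semanage fcontext` command in an idempotent exec and relabels existing files only when the rule is first added. The define name `local_fcontext`, its parameters and the `/var/www/html` relabel path are assumptions made for illustration.

```puppet
# Added example; the define name and its parameters are hypothetical.
# On CentOS 6 the semanage tool is provided by policycoreutils-python.
package { 'policycoreutils-python':
  ensure => installed,
}

define local_fcontext ($pathspec, $seltype, $restore_path) {
  # Record the rule in the local SELinux policy store so the label
  # survives restorecon and full filesystem relabels.
  exec { "semanage fcontext ${name}":
    command  => "semanage fcontext -a -t ${seltype} '${pathspec}'",
    # Skip when a listed rule already contains this spec with this type.
    # grep -F treats the spec as a fixed string, not as a regex.
    unless   => "semanage fcontext -l | grep -F -- '${pathspec}' | grep -q ':${seltype}:'",
    provider => shell,
    path     => ['/usr/sbin', '/sbin', '/usr/bin', '/bin'],
    require  => Package['policycoreutils-python'],
    notify   => Exec["restorecon ${name}"],
  }

  # Apply the new rule to files that already exist; runs only when the
  # rule above was just added.
  exec { "restorecon ${name}":
    command     => "restorecon -R '${restore_path}'",
    refreshonly => true,
    path        => ['/usr/sbin', '/sbin', '/usr/bin', '/bin'],
  }
}

# The file context from the question, declared through the define.
local_fcontext { 'wp-upgrade':
  pathspec     => '/var/www/html(/.*)/wp-content/upgrade(/.*)?',
  seltype      => 'httpd_sys_rw_content_t',
  restore_path => '/var/www/html',
}
```

The parameters are interpolated into shell commands, so they should only ever come from values written in the manifest itself, never from untrusted data.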
