Version information
This version is compatible with:
- Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x
- Puppet >= 5.0.0 < 7.0.0
Start using this module
Add this module to your Puppetfile:
mod 'ghoneycutt-selinux', '2.3.0'
Learn more about managing modules with a Puppetfile
puppet-module-selinux
Table of Contents
- Module Description - What the module does and why it is useful
- Setup - The basics of getting started with selinux
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Module description
This module manages SELinux and by default will enable it.
Setup
What selinux affects
Manages SELinux and its configuration. It manages the file /etc/selinux/config and optionally manages the policycoreutils-python package.
Setup requirements
This module requires stdlib.
Beginning with selinux
Examples
Enable SELinux
include ::selinux
Disable SELinux
class { '::selinux':
  mode => 'disabled',
}
Usage
Minimal and normal usage.
include ::selinux
Limitations
This module has been tested to work on the following systems with Puppet versions 5 and 6 with the Ruby version associated with those releases. Please see .travis.yml for a full matrix of supported versions. This module aims to support the current and previous major Puppet versions.
- EL 5
- EL 6
- EL 7
Development
See CONTRIBUTING.md for information related to the development of this module.
Reference
Table of Contents
Classes
selinux: Manage SELinux
Classes
selinux
This module manages the SELinux configuration file.
Examples
Declaring the class
include ::selinux
To enable SSH key-based login for a user account outside of the normal location:
semanage fcontext -a -t ssh_home_t /var/lib/git/.ssh
semanage fcontext -a -t ssh_home_t /var/lib/git/.ssh/authorized_keys
restorecon -v /var/lib/git/.ssh/
restorecon -v /var/lib/git/.ssh/authorized_keys
Parameters
The following parameters are available in the selinux class.
mode
Data type: Pattern[/^enforcing|permissive|disabled$/]
Operation mode of SELinux, valid values are 'enforcing', 'permissive' and 'disabled'.
Default value: 'enforcing'
type
Data type: Pattern[/^targeted|strict$/]
The type of policies in use, valid values are 'targeted' and 'strict'.
Default value: 'targeted'
setlocaldefs
Data type: Variant[Undef, Enum['0','1'], Integer[0,1]]
String or Integer to pass to SETLOCALDEFS option. Valid values are '0' and '1'. If left undef, then the SETLOCALDEFS option is not included in the config_file.
Default value: undef
config_file
Data type: Stdlib::Absolutepath
The path to the SELinux configuration file to manage.
Default value: '/etc/selinux/config'
policytools
Data type: Boolean
If true, manage the policycoreutils-python package. The purpose of this behavior is to provide the semanage command, e.g. to reconfigure the selinux policy such that restorecon will restore a file to the desired state.
Default value: false
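In the mode and type data types above, the ^ and $ anchors bind only to the first and last alternatives, and in Ruby regular expressions (the engine Puppet uses) they are line anchors rather than string anchors. The following Ruby sketch is an added example, not part of the module: it runs the documented patterns against constructed strings and compares them with grouped, whole-string forms. The STRICT patterns, helper names and sample values are assumptions made for illustration.

```ruby
# Added example: the patterns as printed in the Parameters section compared
# with explicitly grouped and anchored forms. All input strings are constructed.

# Patterns exactly as documented for the mode and type parameters.
DOCUMENTED = {
  mode: /^enforcing|permissive|disabled$/,
  type: /^targeted|strict$/,
}.freeze

# Hypothetical stricter forms: alternation grouped, whole-string anchors.
STRICT = {
  mode: /\A(?:enforcing|permissive|disabled)\z/,
  type: /\A(?:targeted|strict)\z/,
}.freeze

# True when value matches the given parameter's pattern in the given set.
def accepts?(patterns, param, value)
  patterns.fetch(param).match?(value)
end

# Samples that the documented pattern accepts but the strict form rejects.
def loosely_accepted(param, samples)
  samples.select { |v| accepts?(DOCUMENTED, param, v) && !accepts?(STRICT, param, v) }
end

MODE_SAMPLES = [
  'enforcing', 'permissive', 'disabled', # intended values, accepted by both
  'enforcing-ish',                       # ^ binds only to the first alternative
  'not-permissive',                      # middle alternative has no anchor at all
  'totally-disabled',                    # $ binds only to the last alternative
  "junk\nenforcing",                     # ^ matches at the start of any line
  'Enforcing',                           # rejected by both (case-sensitive)
].freeze

TYPE_SAMPLES = ['targeted', 'strict', 'targeted2', 'unstrict', 'mls'].freeze

if __FILE__ == $PROGRAM_NAME
  puts "mode: #{loosely_accepted(:mode, MODE_SAMPLES).inspect}"
  puts "type: #{loosely_accepted(:type, TYPE_SAMPLES).inspect}"
end
```

Values that arrive from Hiera or an external node classifier can be checked against the strict forms before they are passed to the class.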
Change Log
v2.2.0 (2018-12-13)
Merged pull requests:
- Modernize #37 (ghoneycutt)
v2.1.0 (2018-12-12)
Merged pull requests:
- Add support for Puppet 6 #36 (Phil-Friderici)
- Add policytools parameter to provide semanage command #29 (jeffmccune)
v2.0.0 (2017-12-14)
Merged pull requests:
- Puppet5 #34 (ghoneycutt)
- Ci #33 (ghoneycutt)
- Support Puppet >= 4.9 #32 (Phil-Friderici)
v1.3.2 (2016-11-07)
Merged pull requests:
- Fix dependencies #31 (ghoneycutt)
- Fix exec to set the mode #22 (ghoneycutt)
v1.3.1 (2016-08-31)
v1.3.0 (2016-08-31)
Merged pull requests:
- Add support for Puppet v4 and Ruby versions 2.1.0 and 2.3.1 #30 (ghoneycutt)
- Validate config_file parameter #21 (ghoneycutt)
v1.2.0 (2014-07-18)
Closed issues:
- puppet librarian can't download version 1.1.0 #17
Merged pull requests:
- Set selinux mode #19 (ghoneycutt)
v1.1.0 (2014-05-29)
Merged pull requests:
- Support el5 #16 (ghoneycutt)
v1.0.0 (2014-04-06)
Closed issues:
- Tag a release #13
Merged pull requests:
- Modernize #14 (ghoneycutt)
v0.0.1 (2014-01-25)
Closed issues:
Merged pull requests:
- Travis #12 (ghoneycutt)
- Support rspec-puppet v1.0.0 #11 (ghoneycutt)
- Update Travis harness to use current Puppet versions #10 (ghoneycutt)
- Integrate with Travis-ci.org #7 (ghoneycutt)
- Collab with gusson docs #5 (ghoneycutt)
- Collab with gusson spec #4 (ghoneycutt)
- Added spec testing #3 (albgus)
- Added documentation to the module #2 (albgus)
* This Change Log was automatically generated by github_changelog_generator
Dependencies
- puppetlabs/stdlib (>= 4.24.0 < 6.0.0)
Copyright (C) 2010-2018 Garrett Honeycutt <code@garretthoneycutt.com> Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.