File context - added method for setting file contexts #4
Conversation
|
Currently, using the selinux module will pull in the policycoreutils-python package on EL systems. This may not be the desired behavior if someone does not want to actually use the fcontext method. Preferably, the fcontext method should itself check to ensure the policycoreutils-python package is installed. In other words, if you had a manifest: class { 'selinux': }
selinux::fcontext{'foo':
context => "bar",
pathname => "baz",
}Only then should puppet make sure the policycoreutils-python package is installed. If you only had: class {'selinux':}We probably don't want to force the user to install policycoreutils-python. Right now, the init.pp has an explicit dependency on the selinux::package class, which will force policycoreutils-python to be installed. At least, in my mind, that's not preferred -- only require what's required. Hope this addition helps! |
In el5, the package is "policycoreutils" and in el6 it is "policycoreutils-python", so we have to check which release we're on.
Hi,
I've added a method that enables the setting of file contexts. It has a requirement on the policycoreutils-python package on EL systems (centos, rhel, probably scientific, etc). There may be a similar package on other systems, but semanage may already be included on those systems. I don't have access to other distros at the moment, so I cannot verify it works elsewhere.