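# profiles::cobbler::selinux
#
# Applies the SELinux settings this profile needs for Cobbler: three policy
# booleans, file-context rules for the TFTP boot tree and /data/cobbler, and
# a relabel of each tree whenever its file-context rule changes.
#
# Nothing is managed unless the os.selinux.config_mode fact is 'enforcing'.
class profiles::cobbler::selinux inherits profiles::cobbler::params {
  # The parent class is already evaluated through `inherits`; the include is
  # kept unchanged.
  include profiles::cobbler::params

  $tftpboot_path = $profiles::cobbler::params::tftpboot_path

  # dig() returns undef when os.selinux (or config_mode) is missing from the
  # facts, where chained [] lookups would abort catalog compilation.
  #
  # NOTE(review): config_mode is the mode set in the SELinux config file, not
  # the running mode. Hosts configured as permissive get no booleans or labels
  # from this class, so they only become correct on the first agent run after
  # the switch to enforcing - confirm that is intended.
  if $facts.dig('os', 'selinux', 'config_mode') == 'enforcing' {
    # Each boolean relaxes the targeted policy; keep the list to what Cobbler
    # actually needs:
    #   httpd_can_network_connect_cobbler - httpd may connect to cobbler over the network
    #   httpd_serve_cobbler_files         - httpd may serve cobbler content
    #   cobbler_can_network_connect       - cobbler may open outbound TCP connections
    $enable_sebooleans = [
      'httpd_can_network_connect_cobbler',
      'httpd_serve_cobbler_files',
      'cobbler_can_network_connect',
    ]

    $enable_sebooleans.each |$bool| {
      selboolean { $bool:
        value      => 'on',
        persistent => true, # written to the policy store, so it survives a reboot
      }
    }

    # Trees that must carry cobbler_var_lib_t. Resource titles are the same
    # as when the two paths were declared one by one.
    $cobbler_paths = [$tftpboot_path, '/data/cobbler']

    $cobbler_paths.each |$cobbler_path| {
      # Label rule for the directory itself and everything below it.
      selinux::fcontext { $cobbler_path:
        ensure   => 'present',
        seltype  => 'cobbler_var_lib_t',
        pathspec => "${cobbler_path}(/.*)?",
      }

      # refreshonly: the relabel runs only when the rule above changes. Files
      # that end up mislabelled later are not corrected by this class.
      # The path is interpolated into the command string; it presumably comes
      # from a fixed value in params - verify it can never hold whitespace.
      exec { "restorecon_${cobbler_path}":
        path        => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
        command     => "restorecon -Rv ${cobbler_path}",
        refreshonly => true,
        subscribe   => Selinux::Fcontext[$cobbler_path],
      }
    }
  }
}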