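# certbot::selinux
#
# @summary SELinux adjustments for the certbot public data directory.
#
# Does nothing unless the os.selinux.config_mode fact is 'enforcing'.
# When it is, the class:
#   * labels ${data_root}/pub and everything below it httpd_sys_content_t,
#     and relabels existing files whenever that file-context rule changes;
#   * persistently switches on four SELinux booleans for httpd and rsync.
#
# @param data_root
#   Absolute path of the certbot data directory (defaults to the value held
#   by the certbot class). It is interpolated into a file-context regular
#   expression and into the restorecon command line, so keep it a plain path
#   without whitespace, shell or regex metacharacters.
#
class certbot::selinux (
  Stdlib::Absolutepath $data_root = $certbot::data_root,
) {
  # dig() yields undef instead of aborting catalog compilation when the
  # os.selinux fact (or any intermediate key) is missing on the node.
  $selinux_config_mode = $facts.dig('os', 'selinux', 'config_mode')

  # NOTE(review): config_mode is the configured mode, not the running one.
  # Hosts configured 'permissive' are skipped and would be unlabelled if
  # later switched to enforcing -- confirm that is intended.
  if $selinux_config_mode == 'enforcing' {
    # Label everything under ${data_root}/pub as static web content so the
    # confined web server may read it (and only read it).
    selinux::fcontext { "${data_root}/pub":
      ensure   => 'present',
      seltype  => 'httpd_sys_content_t',
      pathspec => "${data_root}/pub(/.*)?",
    }

    # Make sure we can connect to other hosts.
    # NOTE(review): this lets httpd-domain processes open outbound TCP
    # connections to any port; confirm a narrower boolean would not do.
    selboolean { 'httpd_can_network_connect':
      persistent => true,
      value      => 'on',
    }

    # Allow rsync to run as a client.
    selboolean { 'rsync_client':
      persistent => true,
      value      => 'on',
    }

    # NOTE(review): rsync_export_all_ro and rsync_full_access lift SELinux
    # confinement of the rsync daemon for the whole filesystem (read-only
    # export of any file, and management of any file, respectively).
    # Confirm both are really required; labelling only the directory rsync
    # serves would keep the daemon confined.
    selboolean { 'rsync_export_all_ro':
      persistent => true,
      value      => 'on',
    }

    selboolean { 'rsync_full_access':
      persistent => true,
      value      => 'on',
    }

    # Apply the file-context rule to files that already exist. refreshonly
    # plus subscribe means this runs only when the fcontext resource changes,
    # not on every agent run.
    exec { "restorecon_${data_root}/pub":
      path        => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
      command     => "restorecon -Rv ${data_root}/pub",
      refreshonly => true,
      subscribe   => Selinux::Fcontext["${data_root}/pub"],
    }
  }
}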