# profiles::selinux::mysqld
# selinux settings for mysqld and galera
# Declares the SELinux state this profile wants for a MySQL/Galera node: the
# enforcement mode (delegated to profiles::selinux::setenforce), a file-context
# rule labelling the data directory as mysqld_db_t, two SELinux booleans, and a
# relabel of the data directory whenever the file-context rule changes.
#
# @param datadir
#   Absolute path of the MySQL data directory. Used as the fcontext resource
#   title, as the prefix of its pathspec regex, and as the restorecon target.
# @param persistent
#   Passed as `persistent` to both selboolean resources, i.e. whether the
#   boolean values are written to disk so they survive a reboot.
# @param mysql_connect_any
#   Value for the `mysql_connect_any` SELinux boolean.
# @param selinuxuser_mysql_connect_enabled
#   Value for the `selinuxuser_mysql_connect_enabled` SELinux boolean.
# @param selinux_mode
#   Handed unchanged to profiles::selinux::setenforce as `mode`.
class profiles::selinux::mysqld (
  Stdlib::Absolutepath $datadir                           = '/var/lib/mysql',
  Boolean              $persistent                        = true,
  # NOTE(review): defaults to on. In the reference policy this boolean lets
  # mysqld connect to any port, which is a broad grant; nodes that do not need
  # outbound connections from mysqld should set it to false.
  Boolean              $mysql_connect_any                 = true,
  Boolean              $selinuxuser_mysql_connect_enabled = true,
  # NOTE(review): typed as a plain String, so any value is accepted here and
  # validation (if any) happens in profiles::selinux::setenforce, which is not
  # shown. Presumably values other than 'enforcing' relax enforcement for the
  # whole host, not only for mysqld -- confirm before overriding.
  String               $selinux_mode                      = 'enforcing',
) {

  # Host-wide SELinux mode; the implementation lives in another class.
  class { 'profiles::selinux::setenforce':
    mode => $selinux_mode,
  }

  # Label the data directory and everything beneath it as mysqld_db_t.
  # NOTE(review): $datadir is interpolated into a regular expression without
  # escaping, so characters such as '.' in the path are treated as regex
  # metacharacters and the rule can match more than the literal directory.
  selinux::fcontext { $datadir:
    ensure   => 'present',
    pathspec => "${datadir}(/.*)?",
    seltype  => 'mysqld_db_t',
  }

  # Let users on the local system connect to mysql.
  selboolean { 'selinuxuser_mysql_connect_enabled':
    value      => $selinuxuser_mysql_connect_enabled,
    persistent => $persistent,
  }

  # Let mysql open connections to other hosts (used for Galera, per the file
  # header).
  selboolean { 'mysql_connect_any':
    value      => $mysql_connect_any,
    persistent => $persistent,
  }

  # Re-apply file contexts recursively under the data directory. refreshonly
  # plus the subscribe means this runs only when the fcontext rule above
  # changes, not on every agent run, so labels that drift for other reasons
  # are not corrected here.
  # NOTE(review): $datadir is placed unquoted in the command string. The
  # Stdlib::Absolutepath type only requires an absolute path and does not
  # appear to exclude whitespace or shell metacharacters -- confirm that every
  # caller passes a plain path, or quote/escape the argument.
  exec { "restorecon_${datadir}":
    command     => "restorecon -Rv ${datadir}",
    path        => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
    subscribe   => Selinux::Fcontext[$datadir],
    refreshonly => true,
  }
}