Added selinux class to disable selinux.

Sets permissive mode on the current environment. Manages /etc/selinux/config and disables it entirely. Signed-off-by: Jeff McCune <jeff@puppetlabs.com>
jeffmccune · Aug 7, 2010 · e2881bf · e2881bf
1 parent 094b480
commit e2881bf
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 0 deletions.
diff --git a/manifests/pb_setup_11_selinuxoff.pp b/manifests/pb_setup_11_selinuxoff.pp
@@ -0,0 +1 @@
+include puppetlabs::selinux
diff --git a/suite/share/modules/puppetlabs/manifests/selinux.pp b/suite/share/modules/puppetlabs/manifests/selinux.pp
@@ -0,0 +1,32 @@
+# Class: puppetlabs::selinux
+#
+#   Disable SELinux
+#   Jeff McCune <jeff@puppetlabs.com>
+#   2010-08-07
+#
+# Parameters:
+#
+# Actions:
+#
+#   Manages /etc/sysconfig/selinux
+#
+# Requires:
+#
+# Sample Usage:
+#
+#   include puppetlabs::selinux
+#
+class puppetlabs::selinux {
+  $module = "puppetlabs"
+  $class  = "${module}::selinux"
+  File { owner => "0", group => "0", mode  => "0644" }
+  file {
+    "/etc/selinux/config":
+      content => template("${module}/etc/selinux/config");
+  }
+  exec {
+    "selinux":
+      command => "/usr/sbin/setenforce 0",
+      onlyif  => "/bin/bash -c '/usr/sbin/getenforce | /bin/grep -qx Enforcing'"
+  }
+}
diff --git a/suite/share/modules/puppetlabs/templates/etc/selinux/config b/suite/share/modules/puppetlabs/templates/etc/selinux/config
@@ -0,0 +1,10 @@
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+#	enforcing - SELinux security policy is enforced.
+#	permissive - SELinux prints warnings instead of enforcing.
+#	disabled - SELinux is fully disabled.
+SELINUX=disabled
+# SELINUXTYPE= type of policy in use. Possible values are:
+#	targeted - Only targeted network daemons are protected.
+#	strict - Full SELinux protection.
+SELINUXTYPE=targeted