Provides access to change the labelling policy for files, port, etc.

[spiette]

There currently no support to change the label policy on the filesystems.

I would like to

• have an semanage fcontext-like way to set labels
• ensure a restorecon -Rv on directories

An alternative way to set the labels would be to use .fc when building selinux modules.

[spiette]

selinux::module now support .fc files. We could add a selinux::restorecon define and subscribe it to all file resources with se* parameters set and/or to modules for specific directories.

selinux::module { 'rsynlocal':
   notify => Selinux::Restorecon['/path']
}

[mattwillsher]

How does this work for labelling of ports?, e.g.:

# semanage port -a -t syslogd_port_t -p tcp 10514

[nickchappell]

@thias has an SELinux module that can set file contexts, though I don't really feel comfortable just wholesale copying his code and making a PR against this module without permission.

https://github.com/thias/puppet-selinux/blob/master/manifests/dircontext.pp

[thias]

FWIW, that code is probably quite fragile and I don't think I even use it myself at the moment. Do feel free to copy/paste it as long as you follow the ASL 1.0 it's licensed under. And some credit is always welcome, even if this is probably not the kind of code to be proud of ;-)

My SELinux module is mostly just hacks. A proper module using types and providers would be much nicer.

[carlossg]

I have added a filecontext to @thias module at https://github.com/maestrodev/puppet-selinux/tree/maestrodev/manifests but now I'm going to need some things from this module, so it'd be great if we could merge them together, I'm willing to give a hand