Commit ef3392f2 authored by mh's avatar mh

make sure we set the right selinux context from the beginning on

parent f5a227c2
......@@ -7,15 +7,17 @@ class schleuder::base {
owner => 'root',
group => 'schleuder',
mode => '0640',
seltype => 'schleuder_data_t',
} ~> exec{'schleuder install':
refreshonly => true,
notify => Service['schleuder-api-daemon'],
} -> file{
['/etc/schleuder/schleuder-certificate.pem',
'/etc/schleuder/schleuder-private-key.pem']:
owner => root,
group => 'schleuder',
mode => '0640';
seltype => 'schleuder_data_t',
owner => root,
group => 'schleuder',
mode => '0640';
} ~> service{'schleuder-api-daemon':
ensure => running,
enable => true,
......@@ -36,6 +38,7 @@ class schleuder::base {
owner => 'root',
group => 'schleuder',
mode => '0640',
seltype => 'schleuder_data_t',
purge => true,
force => true,
recurse => true,
......@@ -64,6 +67,7 @@ class schleuder::base {
owner => 'schleuder',
group => 'schleuder',
mode => '0640',
seltype => 'schleuder_data_t',
require => Exec['schleuder install'],
before => Service['schleuder-api-daemon'],
}
......
......@@ -9,14 +9,16 @@ class schleuder::client(
# when the package is being installed
file{
'/root/.schleuder-cli':
ensure => directory,
owner => root,
group => 0,
mode => '0600',
ensure => directory,
owner => root,
group => root,
mode => '0600',
seltype => 'schleuder_data_t',
} -> concat{'/root/.schleuder-cli/schleuder-cli.yml':
owner => root,
group => 0,
mode => '0600',
owner => root,
group => root,
mode => '0600',
seltype => 'schleuder_data_t',
} -> package{'schleuder-cli':
ensure => installed,
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment