Resource Type: selmodule

NOTE: This page was generated from the Puppet source code on 2018-08-28 06:48:02 -0700

selmodule

Description

Manages loading and unloading of SELinux policy modules on the system. Requires SELinux support. See man semodule(8) for more information on SELinux policy modules.

Autorequires: If Puppet is managing the file containing this SELinux policy module (which is either explicitly specified in the selmodulepath attribute or will be found at {selmoduledir}/{name}.pp), the selmodule resource will autorequire that file.

Attributes

selmodule { 'resource title':
  name          => # (namevar) The name of the SELinux policy to be managed....
  ensure        => # The basic property that the resource should be...
  provider      => # The specific backend to use for this `selmodule` 
  selmoduledir  => # The directory to look for the compiled pp module 
  selmodulepath => # The full path to the compiled .pp policy module. 
  syncversion   => # If set to `true`, the policy will be reloaded if 
  # ...plus any applicable metaparameters.
}

name

(Namevar: If omitted, this attribute’s value defaults to the resource’s title.)

The name of the SELinux policy to be managed. You should not include the customary trailing .pp extension.

(↑ Back to selmodule attributes)

ensure

(Property: This attribute represents concrete state on the target system.)

The basic property that the resource should be in.

Default: present

Allowed values:

  • present
  • absent

(↑ Back to selmodule attributes)

provider

The specific backend to use for this selmodule resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.

Available providers are:

(↑ Back to selmodule attributes)

selmoduledir

The directory to look for the compiled pp module file in. Currently defaults to /usr/share/selinux/targeted. If the selmodulepath attribute is not specified, Puppet will expect to find the module in <selmoduledir>/<name>.pp, where name is the value of the name parameter.

Default: /usr/share/selinux/targeted

(↑ Back to selmodule attributes)

selmodulepath

The full path to the compiled .pp policy module. You only need to use this if the module file is not in the selmoduledir directory.

(↑ Back to selmodule attributes)

syncversion

(Property: This attribute represents concrete state on the target system.)

If set to true, the policy will be reloaded if the version found in the on-disk file differs from the loaded version. If set to false (the default) the only check that will be made is if the policy is loaded at all or not.

Allowed values:

  • true
  • false

(↑ Back to selmodule attributes)

Providers

semodule

Manage SELinux policy modules using the semodule binary.

  • Required binaries: /usr/sbin/semodule

NOTE: This page was generated from the Puppet source code on 2018-08-28 06:48:02 -0700