Use older Redis cookbook, install on bitcoin-2
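--- a/cookbooks/selinux_policy/resources/module.rb
+++ b/cookbooks/selinux_policy/resources/module.rb
@@ -0,0 +1,75 @@
+# A resource for managing SE modules
+
+property :module_name, String, name_property: true
+property :force, [true, false], default: false
+property :directory, String, default: lazy { "#{Chef::Config[:file_cache_path]}/#{module_name}" } # content to work with. Defaults to autogenerated name in the Chef cache. Can be provided and pre-populated
+# Content options:
+property :content, String # provide a 'te' file directly. Optional
+property :directory_source, String # Source directory for module source code. If specified, will use "remote_directory" on the directory specified as `directory`
+property :cookbook, String # Related to directory
+property :allow_disabled, [true, false], default: true
+
+action :deploy do
+run_action(:fetch)
+run_action(:compile)
+run_action(:install)
+end
+
+# Get all the components in the right place
+action :fetch do
+directory new_resource.directory do
+only_if { use_selinux(new_resource.allow_disabled) }
+end
+
+raise 'dont specify both directory_source and content' if new_resource.directory_source && new_resource.content
+
+if new_resource.directory_source
+remote_directory new_resource.directory do
+source new_resource.directory_source
+cookbook new_resource.cookbook
+only_if { use_selinux(new_resource.allow_disabled) }
+end
+end
+
+if new_resource.content
+file "#{new_resource.directory}/#{new_resource.module_name}.te" do
+content new_resource.content
+only_if { use_selinux(new_resource.allow_disabled) }
+end
+end
+end
+
+action :compile do
+make_command = "/usr/bin/make -f /usr/share/selinux/devel/Makefile #{new_resource.module_name}.pp"
+execute "semodule-compile-#{new_resource.module_name}" do
+command make_command
+not_if "#{make_command} -q", cwd: new_resource.directory # $? = 1 means make wants to execute http://www.gnu.org/software/make/manual/html_node/Running.html
+only_if { use_selinux(new_resource.allow_disabled) }
+cwd new_resource.directory
+end
+end
+
+# deploy / upgrade module
+# XXX this looks ugly because CentOS 6.X doesn't support extracting
+# SELinux modules from the current policy, which I planned on comparing
+# to my compiled file. I'll be happy to see anything else (that works).
+action :install do
+filename = "#{new_resource.directory}/#{new_resource.module_name}.pp"
+execute "semodule-install-#{new_resource.module_name}" do
+command "#{semodule_cmd} -i #{filename}"
+only_if "#{shell_boolean(new_resource.updated_by_last_action? || new_resource.force)} || ! (#{module_defined(new_resource.module_name)}) "
+only_if { use_selinux(new_resource.allow_disabled) }
+end
+end
+
+action :remove do
+execute "semodule-remove-#{new_resource.module_name}" do
+command "#{semodule_cmd} -r #{new_resource.module_name}"
+only_if module_defined(new_resource.module_name)
+only_if { use_selinux(new_resource.allow_disabled) }
+end
+end
+
+action_class do
+include Chef::SELinuxPolicy::Helpers
+end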
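Review bot: `module_name` and `directory` are interpolated unquoted into shell strings in the `:compile`, `:install` and `:remove` actions (`make_command`, `"#{semodule_cmd} -i #{filename}"`, `"#{semodule_cmd} -r #{new_resource.module_name}"`) and into the string guards built with `module_defined`. A value containing whitespace or shell metacharacters would therefore change the command that the Chef run executes. Both properties accept any `String`, so the safest fix is to constrain the name where it is declared, e.g. `property :module_name, String, name_property: true, regex: /\A[\w.-]+\z/`, and to escape the path with `Shellwords.escape(filename)` in `:install`. The helpers `semodule_cmd`, `module_defined` and `shell_boolean` come from `Chef::SELinuxPolicy::Helpers`, which is not shown here, so whether they quote their argument should be checked there. Separately, the `directory` and `file` resources in `:fetch` set no `owner` or `mode`, so when a caller overrides `directory`, the `.pp` passed to `semodule -i` is only as trustworthy as that directory's existing permissions.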