1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
# Reference
<!-- DO NOT EDIT: This document was generated by Puppet Strings -->
## Table of Contents
### Resource types
* [`selboolean`](#selboolean): Manages SELinux booleans on systems with SELinux support.
* [`selmodule`](#selmodule): Manages loading and unloading of SELinux policy modules on the system. Requires SELinux support.
## Resource types
### <a name="selboolean"></a>`selboolean`
The supported booleans are any of the ones found in `/selinux/booleans/`.
#### Properties
The following properties are available in the `selboolean` type.
##### `value`
Valid values: `on`, `off`, `true`, `false`
Whether the SELinux boolean should be enabled or disabled.
#{value_doc}
#### Parameters
The following parameters are available in the `selboolean` type.
* [`name`](#-selboolean--name)
* [`persistent`](#-selboolean--persistent)
* [`provider`](#-selboolean--provider)
##### <a name="-selboolean--name"></a>`name`
namevar
The name of the SELinux boolean to be managed.
##### <a name="-selboolean--persistent"></a>`persistent`
Valid values: `true`, `false`
If set true, SELinux booleans will be written to disk and persist across reboots.
The default is `false`.
Default value: `false`
##### <a name="-selboolean--provider"></a>`provider`
The specific backend to use for this `selboolean` resource. You will seldom need to specify this --- Puppet will usually
discover the appropriate provider for your platform.
### <a name="selmodule"></a>`selmodule`
See man semodule(8) for more information on SELinux policy modules.
**Autorequires:** If Puppet is managing the file containing this SELinux
policy module (which is either explicitly specified in the `selmodulepath`
attribute or will be found at {`selmoduledir`}/{`name`}.pp), the selmodule
resource will autorequire that file.
#### Properties
The following properties are available in the `selmodule` type.
##### `ensure`
Valid values: `present`, `absent`
The basic property that the resource should be in.
Default value: `present`
##### `syncversion`
Valid values: `true`, `false`
If set to `true`, the policy will be reloaded if the
version found in the on-disk file differs from the loaded
version. If set to `false` (the default) the only check
that will be made is if the policy is loaded at all or not.
#### Parameters
The following parameters are available in the `selmodule` type.
* [`name`](#-selmodule--name)
* [`provider`](#-selmodule--provider)
* [`selmoduledir`](#-selmodule--selmoduledir)
* [`selmodulepath`](#-selmodule--selmodulepath)
##### <a name="-selmodule--name"></a>`name`
namevar
The name of the SELinux policy to be managed. You should not
include the customary trailing .pp extension.
##### <a name="-selmodule--provider"></a>`provider`
The specific backend to use for this `selmodule` resource. You will seldom need to specify this --- Puppet will usually
discover the appropriate provider for your platform.
##### <a name="-selmodule--selmoduledir"></a>`selmoduledir`
The directory to look for the compiled pp module file in.
Currently defaults to `/usr/share/selinux/targeted`. If the
`selmodulepath` attribute is not specified, Puppet will expect to find
the module in `<selmoduledir>/<name>.pp`, where `name` is the value of the
`name` parameter.
Default value: `/usr/share/selinux/targeted`
##### <a name="-selmodule--selmodulepath"></a>`selmodulepath`
The full path to the compiled .pp policy module. You only need to use
this if the module file is not in the `selmoduledir` directory.
|
