Skip to content

Files

Latest commit

author
jtimberman
Sep 16, 2011
420ec00 · Sep 16, 2011

History

History
This branch is 727 commits behind chef-boneyard/cookbooks:master.

selinux

Description

Provides recipes for manipulating selinux policy enforcement

Requirements

RHEL family distribution or other Linux system that uses SELinux.

Platform:

Tested on RHEL 5.6, 6.0 and 6.1.

Usage

SELinux is enforcing by default on RHEL family distributions, however the use of SELinux has complicated considerations when using configuration management. Often, users are recommended to set SELinux to permissive mode, or disabled completely. To ensure that SELinux is permissive or disabled, choose the appropriate recipe (selinux::permissive, selinux::disabled) and apply it to the node early in the run list. For example in a base role used by all RHEL systems:

name "base"
description "Base role applied to all nodes."
run_list(
  "recipe[selinux::permissive]",
)

Changes

v0.5.0:

  • COOK-678 - add the selinux cookbook to the repository
  • Use main selinux config file (/etc/selinux/config)
  • Use getenforce instead of selinuxenabled for enforcing and permissive

Roadmap

Use a node attribute to determine which recipe to load automatically from selinux::default.

Add LWRP/Libraries for manipulating security contexts for files and services managed by Chef.

License and Author

Author:: Sean OMeara (someara@opscode.com) Author:: Joshua Timberman (joshua@opscode.com)

Copyright:: 2011, Opscode, Inc

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.