Class: Puppet::SELFileContext

Inherits:

Property

• Object
• Parameter
• Property
• Puppet::SELFileContext

Includes:

Util::SELinux

Defined in:

lib/puppet/type/file/selcontext.rb

Constant Summary

Constants included from Util::SELinux

Util::SELinux::S_IFDIR, Util::SELinux::S_IFLNK, Util::SELinux::S_IFREG

Constants included from Util::Docs

Util::Docs::HEADER_LEVELS

Constants included from Util

Util::ALNUM, Util::ALPHA, Util::AbsolutePathPosix, Util::AbsolutePathWindows, Util::DEFAULT_POSIX_MODE, Util::DEFAULT_WINDOWS_MODE, Util::ESCAPED, Util::HEX, Util::HttpProxy, Util::PUPPET_STACK_INSERTION_FRAME, Util::RESERVED, Util::RFC_3986_URI_REGEX, Util::UNRESERVED, Util::UNSAFE

Constants included from Util::POSIX

Util::POSIX::LOCALE_ENV_VARS, Util::POSIX::USER_ENV_VARS

Constants included from Util::SymbolicFileMode

Util::SymbolicFileMode::SetGIDBit, Util::SymbolicFileMode::SetUIDBit, Util::SymbolicFileMode::StickyBit, Util::SymbolicFileMode::SymbolicMode, Util::SymbolicFileMode::SymbolicSpecialToBit

Instance Attribute Summary

Attributes inherited from Property

#noop, #shouldorig

Attributes inherited from Parameter

#name, #parent, #resource, #sensitive

Attributes included from Util::Docs

#doc, #nodoc

Instance Method Summary

• #insync?(value) ⇒ Boolean
• #retrieve ⇒ Object
• #retrieve_default_context(property) ⇒ Object
• #sync ⇒ Object
• #unsafe_munge(should) ⇒ Object

Methods included from Util::SELinux

#get_selinux_current_context, #get_selinux_default_context, #get_selinux_default_context_with_handle, #parse_selinux_context, #selinux_category_to_label, #selinux_support?, selinux_support?, #set_selinux_context, #set_selinux_default_context

Methods inherited from Property

#call_provider, #change_to_s, #event, #event_name, idempotent, idempotent=, #idempotent?, #insync_values?, #is_to_s, #log, #match_all?, method_added, #name, newvalue, #property_matches?, #safe_insync?, #set, #should, #should=, #should_to_s, #unsafe_validate, #validate_features_per_value, #value, #value=, value_name, value_option

Methods inherited from Parameter

aliasvalue, defaultto, desc, doc, #file, #format, format_value_for_display, #initialize, initvars, isnamevar, #isnamevar?, isnamevar?, isrequired, #line, #log, #metaparam?, munge, #munge, newvalues, nodefault, #noop, #path, #pathbuilder, #provider, proxymethods, #remove, #required?, required?, sensitive, #tags, #to_s, unmunge, #unmunge, #unsafe_unmunge, #unsafe_validate, validate, #validate, #value, #value=, #version

Methods included from Util::Docs

#desc, #dochook, #doctable, #markdown_definitionlist, #markdown_header, #nodoc?, #pad, scrub

Methods included from Util

absolute_path?, benchmark, chuser, clear_environment, create_erb, default_env, deterministic_rand, deterministic_rand_int, exit_on_fail, format_backtrace_array, format_puppetstack_frame, get_env, get_environment, logmethods, merge_environment, path_to_uri, pretty_backtrace, replace_file, resolve_stackframe, rfc2396_escape, safe_posix_fork, set_env, skip_external_facts, symbolizehash, thinmark, uri_encode, uri_query_encode, uri_to_path, uri_unescape, which, withenv, withumask

Methods included from Util::POSIX

#get_posix_field, #gid, groups_of, #idfield, #methodbyid, #methodbyname, #search_posix_field, #uid

Methods included from Util::SymbolicFileMode

#display_mode, #normalize_symbolic_mode, #symbolic_mode_to_int, #valid_symbolic_mode?

Methods included from Util::Logging

#clear_deprecation_warnings, #debug, #deprecation_warning, #format_backtrace, #format_exception, #get_deprecation_offender, #log_and_raise, #log_deprecations_to_file, #log_exception, #puppet_deprecation_warning, #send_log, setup_facter_logging!, #warn_once

Methods included from Util::Errors

#adderrorcontext, #devfail, #error_context, error_location, error_location_with_space, error_location_with_unknowns, #exceptwrap, #fail

Constructor Details

This class inherits a constructor from Puppet::Parameter

Instance Method Details

#insync?(value) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/puppet/type/file/selcontext.rb', line 58

def insync?(value)
  if !selinux_support?
    debug("SELinux bindings not found. Ignoring parameter.")
    true
  elsif !selinux_label_support?(@resource[:path])
    debug("SELinux not available for this filesystem. Ignoring parameter.")
    true
  else
    super
  end
end

#retrieve ⇒ Object

# File 'lib/puppet/type/file/selcontext.rb', line 30

def retrieve
  return :absent unless @resource.stat

  context = get_selinux_current_context(@resource[:path])
  is = parse_selinux_context(name, context)
  if name == :selrange and selinux_support?
    selinux_category_to_label(is)
  else
    is
  end
end

#retrieve_default_context(property) ⇒ Object

# File 'lib/puppet/type/file/selcontext.rb', line 42

def retrieve_default_context(property)
  return nil if Puppet::Util::Platform.windows?
  if @resource[:selinux_ignore_defaults] == :true
    return nil
  end

  context = get_selinux_default_context_with_handle(@resource[:path], provider.class.selinux_handle, @resource[:ensure])
  unless context
    return nil
  end

  property_default = parse_selinux_context(property, context)
  debug "Found #{property} default '#{property_default}' for #{@resource[:path]}" unless property_default.nil?
  property_default
end

#sync ⇒ Object

# File 'lib/puppet/type/file/selcontext.rb', line 82

def sync
  set_selinux_context(@resource[:path], @should, name)
  :file_changed
end

#unsafe_munge(should) ⇒ Object

# File 'lib/puppet/type/file/selcontext.rb', line 70

def unsafe_munge(should)
  unless selinux_support?
    return should
  end

  if name == :selrange
    selinux_category_to_label(should)
  else
    should
  end
end