Re-add RHEL7 SELinux support for puppet3
authorDavid Schmitt <david.schmitt@puppet.com>
Mon, 28 Nov 2016 11:22:41 +0000 (11:22 +0000)
committerBryan Jen <bryan.jen@gmail.com>
Thu, 1 Dec 2016 00:43:23 +0000 (00:43 +0000)
Since the autobefore fix on the firewall type is not available for puppet 3,
this re-adds the RHEL7 workaround if we're running on puppet 3.

manifests/linux/redhat.pp

index f203e141ea405ad86aeb30764f535334e4fa7536..b071727a2ed537510ceb062afb6bb0acd8d18188 100644 (file)
@@ -64,4 +64,23 @@ class firewall::linux::redhat (
     group  => 'root',
     mode   => '0600',
   }
+
+  # Before puppet 4, the autobefore on the firewall type does not work - therefore
+  # we need to keep this workaround here
+  if versioncmp($::puppetversion, '4.0') <= 0 {
+    File["/etc/sysconfig/${service_name}"] -> Service[$service_name]
+
+    # Redhat 7 selinux user context for /etc/sysconfig/iptables is set to unconfined_u
+    case $::selinux {
+      #lint:ignore:quoted_booleans
+      'true',true: {
+        case $::operatingsystemrelease {
+          /^(6|7)\..*/: { File["/etc/sysconfig/${service_name}"] { seluser => 'unconfined_u' } }
+          default:      { File["/etc/sysconfig/${service_name}"] { seluser => 'system_u' } }
+        }
+      }
+      default:     {}
+      #lint:endignore
+    }
+  }
 }
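Review bot: The comment above the inner `case` names only Redhat 7, but the pattern `/^(6|7)\..*/` also sets `seluser => 'unconfined_u'` on 6.x releases, so the comment and the code disagree about which releases get which SELinux user. I would reword it to match the code, e.g. `# On 6.x and 7.x releases the rules file is managed with seluser unconfined_u; all other releases use system_u`, and add that this pins the label so Puppet stops flapping on it, if that is the intent. The guard `versioncmp($::puppetversion, '4.0') <= 0` also matches a version string equal to `'4.0'`, while the comment says "Before puppet 4"; `< 0` would match the stated intent. Only the SELinux user field is overridden here, and the class body starts outside the hunk, so it is worth confirming that the `File` resource declared above does not also need `selrole` or `seltype` pinned for this 0600 rules file.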