From: David Schmitt <david.schmitt@puppet.com>
Date: Mon, 28 Nov 2016 11:22:41 +0000 (+0000)
Subject: Re-add RHEL7 SELinux support for puppet3
X-Git-Tag: 1.8.2~16^2~1
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=ed5480955a6e8c441f98f604425199b799b779d8;p=puppet-modules%2Fpuppetlabs-firewall.git

Re-add RHEL7 SELinux support for puppet3

Since the autobefore fix on the firewall type is not available for puppet 3,
this re-adds the RHEL7 workaround if we're running on puppet 3.
---

diff --git a/manifests/linux/redhat.pp b/manifests/linux/redhat.pp
index f203e14..b071727 100644
--- a/manifests/linux/redhat.pp
+++ b/manifests/linux/redhat.pp
@@ -64,4 +64,23 @@ class firewall::linux::redhat (
     group  => 'root',
     mode   => '0600',
   }
+
+  # Before puppet 4, the autobefore on the firewall type does not work - therefore
+  # we need to keep this workaround here
+  if versioncmp($::puppetversion, '4.0') <= 0 {
+    File["/etc/sysconfig/${service_name}"] -> Service[$service_name]
+
+    # Redhat 7 selinux user context for /etc/sysconfig/iptables is set to unconfined_u
+    case $::selinux {
+      #lint:ignore:quoted_booleans
+      'true',true: {
+        case $::operatingsystemrelease {
+          /^(6|7)\..*/: { File["/etc/sysconfig/${service_name}"] { seluser => 'unconfined_u' } }
+          default:      { File["/etc/sysconfig/${service_name}"] { seluser => 'system_u' } }
+        }
+      }
+      default:     {}
+      #lint:endignore
+    }
+  }
 }