From: Bryan Jen <bryan.jen@gmail.com>
Date: Thu, 1 Dec 2016 20:43:39 +0000 (+0000)
Subject: Completes re-add of SELinux support for puppet3 on EL7
X-Git-Tag: 1.8.2~15^2
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=edb30944ee62682e4ed0b0cc6e3a437a343a1a57;p=puppet-modules%2Fpuppetlabs-firewall.git

Completes re-add of SELinux support for puppet3 on EL7
---

diff --git a/manifests/linux/redhat.pp b/manifests/linux/redhat.pp
index b071727..8f38929 100644
--- a/manifests/linux/redhat.pp
+++ b/manifests/linux/redhat.pp
@@ -71,12 +71,13 @@ class firewall::linux::redhat (
     File["/etc/sysconfig/${service_name}"] -> Service[$service_name]
 
     # Redhat 7 selinux user context for /etc/sysconfig/iptables is set to unconfined_u
+    # Redhat 7 selinux type context for /etc/sysconfig/iptables is set to etc_t
     case $::selinux {
       #lint:ignore:quoted_booleans
       'true',true: {
         case $::operatingsystemrelease {
-          /^(6|7)\..*/: { File["/etc/sysconfig/${service_name}"] { seluser => 'unconfined_u' } }
-          default:      { File["/etc/sysconfig/${service_name}"] { seluser => 'system_u' } }
+          /^(6|7)\..*/: { File["/etc/sysconfig/${service_name}"] { seluser => 'unconfined_u', seltype => 'etc_t' } }
+          default:      { File["/etc/sysconfig/${service_name}"] { seluser => 'system_u', seltype => 'system_conf_t' } }
         }
       }
       default:     {}