summaryrefslogtreecommitdiffstats
path: root/templates/selinux
diff options
context:
space:
mode:
authorJames Slagle <jslagle@redhat.com>2016-04-22 09:30:38 -0400
committerJames Slagle <jslagle@redhat.com>2016-05-05 13:19:20 -0400
commit8e533aaf447022c62865130f2ffc88690f06aef1 (patch)
treec5fa4b9d5bca33c321b7c407f8e062320f45374f /templates/selinux
parent0bf0f72defc5260346717cf7c9d836342b34ebd6 (diff)
Add tripleo::selinux
Adds a class to configure SELinux. The code is taken from puppet-openstack-cloud: https://github.com/redhat-cip/puppet-openstack-cloud This allows to share the same code for usage by both the Undercloud and Overcloud. Co-Authored By: Emilien Macchi <emilien@redhat.com> Co-Authored By: Yanis Guenane <yguenane@redhat.com> blueprint undercloud-elements Change-Id: If214005df733d41c2fa4e197df247d8a14baaa14
Diffstat (limited to 'templates/selinux')
-rw-r--r--templates/selinux/sysconfig_selinux.erb11
1 files changed, 11 insertions, 0 deletions
diff --git a/templates/selinux/sysconfig_selinux.erb b/templates/selinux/sysconfig_selinux.erb
new file mode 100644
index 0000000..dfb1e53
--- /dev/null
+++ b/templates/selinux/sysconfig_selinux.erb
@@ -0,0 +1,11 @@
+# This file controls the state of SELinux on the system.
+# SELINUX= can take one of these three values:
+# enforcing - SELinux security policy is enforced.
+# permissive - SELinux prints warnings instead of enforcing.
+# disabled - No SELinux policy is loaded.
+SELINUX=<%= @mode %>
+# SELINUXTYPE= can take one of these two values:
+# targeted - Targeted processes are protected,
+# minimum - Modification of targeted policy. Only selected processes are protected.
+# mls - Multi Level Security protection.
+SELINUXTYPE=targeted