summaryrefslogtreecommitdiffstats
path: root/manifests/selinux.pp
blob: c5d13e2b6c0353c8754e45fcc9c6903d63cd4a69 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96

#
# Copyright (C) 2014 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::selinux
#
# Helper class to configure SELinux on nodes
#
# === Parameters:
#
# [*mode*]
#   (optional) SELinux mode the system should be in
#   Defaults to 'enforcing'
#   Possible values : disabled, permissive, enforcing
#
# [*directory*]
#   (optional) Path where to find the SELinux modules
#   Defaults to '/usr/share/selinux'
#
# [*booleans*]
#   (optional) Set of booleans to persistently enables
#   SELinux booleans are the one getsebool -a returns
#   Defaults []
#   Example: ['rsync_full_access', 'haproxy_connect_any']
#
# [*modules*]
#   (optional) Set of modules to load on the system
#   Defaults []
#   Example: ['module1', 'module2']
#   Note: Those module should be in the $directory path
#
class tripleo::selinux (
  $mode      = 'enforcing',
  $directory = '/usr/share/selinux/',
  $booleans  = [],
  $modules   = [],
) {

  if $::osfamily != 'RedHat'  {
    fail("OS family unsuppored yet (${::osfamily}), SELinux support is only limited to RedHat family OS")
  }

  Selboolean {
    persistent => true,
    value      => 'on',
  }

  Selmodule {
    ensure       => present,
    selmoduledir => $directory,
  }

  file { '/etc/selinux/config':
    ensure  => present,
    mode    => '0444',
    content => template('tripleo/selinux/sysconfig_selinux.erb')
  }

  $current_mode = $::selinux? {
    false   => 'disabled',
    default => $::selinux_current_mode,
  }

  if $current_mode != $mode {
    case $mode {
      /^(disabled|permissive)$/: {
        if $current_mode == 'enforcing' {
          exec { '/sbin/setenforce 0': }
        }
      }
      'enforcing': {
        exec { '/sbin/setenforce 1': }
      }
      default: {
        fail('You must specify a mode (enforcing, permissive, or disabled)')
      }
    }
  }

  selboolean { $booleans :
    persistent => true,
  }
  selmodule { $modules: }

}
"cp"># define UDC_A_ALT_HNP_SUPPORT (1 << 7) # define UDC_R_WK_OK (1 << 6) # define UDC_USB_RESET (1 << 5) # define UDC_SUS (1 << 4) # define UDC_CFG (1 << 3) # define UDC_ADD (1 << 2) # define UDC_DEF (1 << 1) # define UDC_ATT (1 << 0) #define UDC_SOF (UDC_BASE + 0x24) /* Start of frame */ # define UDC_FT_LOCK (1 << 12) # define UDC_TS_OK (1 << 11) # define UDC_TS 0x03ff #define UDC_IRQ_EN (UDC_BASE + 0x28) /* Interrupt enable */ # define UDC_SOF_IE (1 << 7) # define UDC_EPN_RX_IE (1 << 5) # define UDC_EPN_TX_IE (1 << 4) # define UDC_DS_CHG_IE (1 << 3) # define UDC_EP0_IE (1 << 0) #define UDC_DMA_IRQ_EN (UDC_BASE + 0x2C) /* DMA irq enable */ /* rx/tx dma channels numbered 1-3 not 0-2 */ # define UDC_TX_DONE_IE(n) (1 << (4 * (n) - 2)) # define UDC_RX_CNT_IE(n) (1 << (4 * (n) - 3)) # define UDC_RX_EOT_IE(n) (1 << (4 * (n) - 4)) #define UDC_IRQ_SRC (UDC_BASE + 0x30) /* Interrupt source */ # define UDC_TXN_DONE (1 << 10) # define UDC_RXN_CNT (1 << 9) # define UDC_RXN_EOT (1 << 8) # define UDC_IRQ_SOF (1 << 7) # define UDC_EPN_RX (1 << 5) # define UDC_EPN_TX (1 << 4) # define UDC_DS_CHG (1 << 3) # define UDC_SETUP (1 << 2) # define UDC_EP0_RX (1 << 1) # define UDC_EP0_TX (1 << 0) # define UDC_IRQ_SRC_MASK 0x7bf #define UDC_EPN_STAT (UDC_BASE + 0x34) /* EP irq status */ #define UDC_DMAN_STAT (UDC_BASE + 0x38) /* DMA irq status */ # define UDC_DMA_RX_SB (1 << 12) # define UDC_DMA_RX_SRC(x) (((x)>>8) & 0xf) # define UDC_DMA_TX_SRC(x) (((x)>>0) & 0xf) /* DMA configuration registers: up to three channels in each direction. */ #define UDC_RXDMA_CFG (UDC_BASE + 0x40) /* 3 eps for RX DMA */ # define UDC_DMA_REQ (1 << 12) #define UDC_TXDMA_CFG (UDC_BASE + 0x44) /* 3 eps for TX DMA */ #define UDC_DATA_DMA (UDC_BASE + 0x48) /* rx/tx fifo addr */ /* rx/tx dma control, numbering channels 1-3 not 0-2 */ #define UDC_TXDMA(chan) (UDC_BASE + 0x50 - 4 + 4 * (chan)) # define UDC_TXN_EOT (1 << 15) /* bytes vs packets */ # define UDC_TXN_START (1 << 14) /* start transfer */ # define UDC_TXN_TSC 0x03ff /* units in xfer */ #define UDC_RXDMA(chan) (UDC_BASE + 0x60 - 4 + 4 * (chan)) # define UDC_RXN_STOP (1 << 15) /* enable EOT irq */ # define UDC_RXN_TC 0x00ff /* packets in xfer */ /* * Endpoint configuration registers (used before CFG_LOCK is set) * UDC_EP_TX(0) is unused */ #define UDC_EP_RX(endpoint) (UDC_BASE + 0x80 + (endpoint)*4) # define UDC_EPN_RX_VALID (1 << 15) # define UDC_EPN_RX_DB (1 << 14) /* buffer size in bits 13, 12 */ # define UDC_EPN_RX_ISO (1 << 11) /* buffer pointer in low 11 bits */ #define UDC_EP_TX(endpoint) (UDC_BASE + 0xc0 + (endpoint)*4) /* same bitfields as in RX */ /*-------------------------------------------------------------------------*/ struct omap_req { struct usb_request req; struct list_head queue; unsigned dma_bytes; unsigned mapped:1; }; struct omap_ep { struct usb_ep ep; struct list_head queue; unsigned long irqs; struct list_head iso; char name[14]; u16 maxpacket; u8 bEndpointAddress; u8 bmAttributes; unsigned double_buf:1; unsigned stopped:1; unsigned fnf:1; unsigned has_dma:1; u8 ackwait; u8 dma_channel; u16 dma_counter; int lch; struct omap_udc *udc; struct timer_list timer; }; struct omap_udc { struct usb_gadget gadget; struct usb_gadget_driver *driver; spinlock_t lock; struct omap_ep ep[32]; u16 devstat; u16 clr_halt; struct usb_phy *transceiver; struct list_head iso; unsigned softconnect:1; unsigned vbus_active:1; unsigned ep0_pending:1; unsigned ep0_in:1; unsigned ep0_set_config:1; unsigned ep0_reset_config:1; unsigned ep0_setup:1; struct completion *done; struct clk *dc_clk; struct clk *hhc_clk; unsigned clk_requested:1; }; /*-------------------------------------------------------------------------*/ #ifdef VERBOSE # define VDBG DBG #else # define VDBG(stuff...) do{}while(0) #endif #define ERR(stuff...) pr_err("udc: " stuff) #define WARNING(stuff...) pr_warning("udc: " stuff) #define INFO(stuff...) pr_info("udc: " stuff) #define DBG(stuff...) pr_debug("udc: " stuff) /*-------------------------------------------------------------------------*/ /* MOD_CONF_CTRL_0 */ #define VBUS_W2FC_1510 (1 << 17) /* 0 gpio0, 1 dvdd2 pin */ /* FUNC_MUX_CTRL_0 */ #define VBUS_CTRL_1510 (1 << 19) /* 1 connected (software) */ #define VBUS_MODE_1510 (1 << 18) /* 0 hardware, 1 software */ #define HMC_1510 ((omap_readl(MOD_CONF_CTRL_0) >> 1) & 0x3f) #define HMC_1610 (omap_readl(OTG_SYSCON_2) & 0x3f) #define HMC (cpu_is_omap15xx() ? HMC_1510 : HMC_1610)