Merge "Explicitly set selinux seltype for rules link"

2018-07-25 02:41:31 +00:00 · 2018-07-25 02:41:31 +00:00 · 2f5ec4d79a
commit 2f5ec4d79a
parent 182b59aae2 cef0960c6d
1 changed files with 7 additions and 1 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -125,11 +125,17 @@ class iptables(
    notify  => $notify_iptables,
  }

+  if $::osfamily == 'redhat' {
+    $seltype = 'etc_t'
+  } else {
+    $seltype = undef
+  }
+
  file { $::iptables::params::ipv4_rules:
    ensure  => link,
    owner   => 'root',
    group   => 'root',
-    mode    => '0640',
+    seltype => $seltype,
    target  => "${::iptables::params::rules_dir}/rules",
    require => File["${::iptables::params::rules_dir}/rules"],
    notify  => $notify_iptables,