# HG changeset patch # User IBBoard # Date 1437840635 -3600 # Node ID 5cdc1c96c47748be6ba11f620fcc6538e4b8f727 # Parent a82c271fb26ab2cb0bbe8aaca27d96c83b9cab8d Add SELinux support for website content diff -r a82c271fb26a -r 5cdc1c96c477 manifests/templates.pp --- a/manifests/templates.pp Sat Jul 25 11:48:42 2015 +0100 +++ b/manifests/templates.pp Sat Jul 25 17:10:35 2015 +0100 @@ -315,6 +315,8 @@ if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, 7) >= 0 { $mysqlpackage = 'mariadb' $mysqlsuffix = '' + + package { 'policycoreutils-python': ensure => installed } } else { $mysqlpackage = 'mysql' diff -r a82c271fb26a -r 5cdc1c96c477 modules/website/manifests/init.pp --- a/modules/website/manifests/init.pp Sat Jul 25 11:48:42 2015 +0100 +++ b/modules/website/manifests/init.pp Sat Jul 25 17:10:35 2015 +0100 @@ -81,4 +81,12 @@ file { $cert_dir: ensure => directory; } + if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, 7) >= 0 { + exec { 'set_apache_defaults': + command => 'semanage fcontext -a -t httpd_sys_content_t "/srv/sites(/.*)?"', + path => '/bin:/usr/bin/:/sbin:/usr/sbin', + require => Package['policycoreutils-python'], + unless => 'semanage fcontext --list | grep "/srv/sites\\(/\\.\\*\\)\\?"', + } + } }