cookbook 'selinux', '= 0.9.0'
selinux
Manages SELinux policy state and rules.
cookbook 'selinux', '= 0.9.0', :supermarket
knife supermarket install selinux
knife supermarket download selinux
Description
Provides recipes for manipulating SELinux policy enforcement state.
Requirements
RHEL family distribution or other Linux system that uses SELinux.
Platform:
Tested on RHEL 5.8, 6.3
Node Attributes
- node['selinux']['state'] - The SELinux policy enforcement state. The state to set by default, to match the default SELinux state on RHEL. Can be "enforcing", "permissive", "disabled".
- node['selinux']['booleans'] - A hash of SELinux boolean names and the values they should be set to. Values can be off, false, or 0 to disable; or on, true, or 1 to enable.
Resources/Providers
selinux_state
The selinux_state LWRP is used to manage the SELinux state on the system. It does this by using the setenforce command and rendering the /etc/selinux/config file from a template.
Actions
- :nothing - default action, does nothing
- :enforcing - Sets SELinux to enforcing.
- :disabled - Sets SELinux to disabled.
- :permissive - Sets SELinux to permissive.
Attributes
The LWRP has no user-settable resource attributes.
Examples
Simply set SELinux to enforcing or permissive:
    selinux_state "SELinux Enforcing" do
      action :enforcing
    end

    selinux_state "SELinux Permissive" do
      action :permissive
    end
The action here is based on the value of the node['selinux']['state'] attribute, which we convert to lower-case and make a symbol to pass to the action.
    selinux_state "SELinux #{node['selinux']['state'].capitalize}" do
      action node['selinux']['state'].downcase.to_sym
    end
Recipes
All the recipes now leverage the LWRP described above.
default
The default recipe will use the attribute node['selinux']['state'] in the selinux_state LWRP's action. By default, this will be :enforcing.
enforcing
This recipe will use :enforcing as the selinux_state action.
permissive
This recipe will use :permissive as the selinux_state action.
disabled
This recipe will use :disabled as the selinux_state action.
Usage
By default, this cookbook sets SELinux to enforcing, because the default recipe uses the node['selinux']['state'] attribute, which is "enforcing." This is in line with the policy of enforcing by default on RHEL family distributions.
This complicates changing the default configuration of a system, whether it is done with automated configuration management or manually. Often, third party help forums and support sites recommend setting SELinux to "permissive." This cookbook can help with that, in two ways.
You can simply set the attribute in a role applied to the node:
    name "base"
    description "Base role applied to all nodes."
    default_attributes(
      "selinux" => {
        "state" => "permissive"
      }
    )
Or, you can apply the recipe to the run list (e.g., in a role):
    name "base"
    description "Base role applied to all nodes."
    run_list(
      "recipe[selinux::permissive]"
    )
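A drift check for the attributes and selinux_state behaviour described above, as an added example that is not part of the cookbook: the LWRP changes both the running mode (setenforce) and /etc/selinux/config, so an audit compares both against node['selinux']['state'] and normalizes the boolean spellings the README accepts. The helper names, sample attributes and sample command output are constructed for illustration; boolean output is assumed to follow the `getsebool -a` form "name --> on".

```ruby
# Added example: host audit helper, not part of the selinux cookbook.
VALID_STATES = %w[enforcing permissive disabled].freeze

# Map the value spellings the README accepts onto "on" / "off".
def normalize_boolean(value)
  case value.to_s.downcase
  when 'on', 'true', '1' then 'on'
  when 'off', 'false', '0' then 'off'
  else raise ArgumentError, "unsupported SELinux boolean value: #{value.inspect}"
  end
end

# Read SELINUX=<state> from the text of /etc/selinux/config (comments ignored).
def configured_state(config_text)
  line = config_text.each_line.map(&:strip).find { |l| l.start_with?('SELINUX=') }
  state = line && line.split('=', 2).last.strip.downcase
  VALID_STATES.include?(state) ? state : nil
end

# Parse `getsebool -a` style lines ("name --> on") into a name => value hash.
def parse_getsebool(text)
  text.each_line.each_with_object({}) do |l, acc|
    name, value = l.strip.split(/\s*-->\s*/, 2)
    acc[name] = value if value
  end
end

# Return human-readable findings; an empty array means no drift.
def selinux_drift(attrs, config_text, getenforce_out, booleans_now)
  want = attrs.fetch('state').to_s.downcase
  raise ArgumentError, "invalid state: #{want}" unless VALID_STATES.include?(want)
  findings = []
  on_disk = configured_state(config_text)
  findings << "config file: want #{want}, found #{on_disk.inspect}" unless on_disk == want
  live = getenforce_out.strip.downcase
  findings << "runtime: want #{want}, getenforce says #{live}" unless live == want
  attrs.fetch('booleans', {}).each do |name, value|
    expected = normalize_boolean(value)
    findings << "boolean #{name}: want #{expected}, found #{booleans_now[name].inspect}" unless booleans_now[name] == expected
  end
  findings
end

# Constructed sample input (not taken from a real host).
SAMPLE_ATTRS = { 'state' => 'enforcing', 'booleans' => { 'httpd_can_network_connect' => true, 'ftpd_anon_write' => 0 } }.freeze
SAMPLE_CONFIG = "# SELINUX= can be enforcing, permissive or disabled\nSELINUX=permissive\nSELINUXTYPE=targeted\n"
SAMPLE_GETSEBOOL = "ftpd_anon_write --> off\nhttpd_can_network_connect --> off\n"

puts selinux_drift(SAMPLE_ATTRS, SAMPLE_CONFIG, "Permissive\n", parse_getsebool(SAMPLE_GETSEBOOL)) if __FILE__ == $PROGRAM_NAME
```

On a real host, pass in the contents of /etc/selinux/config and the output of getenforce and getsebool -a; a host left permissive after troubleshooting shows up as both a config and a runtime finding.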
Roadmap
Add LWRP/Libraries for manipulating security contexts for files and
services managed by Chef.
License and Author
- Author:: Sean OMeara (someara@chef.io)
- Author:: Joshua Timberman (joshua@chef.io)
Copyright:: 2011-2012, Chef Software, Inc
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
selinux Cookbook CHANGELOG
v0.9.0 (2015-02-22)
- Initial Debian / Ubuntu support
- Various bug fixes
v0.8.0 (2014-04-23)
- [COOK-4528] - Fix selinux directory permissions
- [COOK-4562] - Basic support for Ubuntu/Debian
v0.7.2 (2014-03-24)
- handling minimal installs
v0.7.0 (2014-02-27)
- [COOK-4218] Support setting SELinux boolean values
v0.6.2
- Fixing bug introduced in 0.6.0
- adding basic test-kitchen coverage
v0.6.0
- [COOK-760] - selinux enforce/permit/disable based on attribute
v0.5.6
- [COOK-2124] - enforcing recipe fails if selinux is disabled
v0.5.4
- [COOK-1277] - disabled recipe fails on systems w/o selinux installed
v0.5.2
- [COOK-789] - fix dangling commas causing syntax error on some rubies
v0.5.0
- [COOK-678] - add the selinux cookbook to the repository
- Use main selinux config file (/etc/selinux/config)
- Use getenforce instead of selinuxenabled for enforcing and permissive
Collaborator Number Metric
0.9.0 passed this metric
Foodcritic Metric
0.9.0 failed this metric
FC001: Use strings in preference to symbols to access node attributes: /tmp/cook/cb96d8b5ef213bbb96ee6de0/selinux/recipes/_common.rb:2
FC001: Use strings in preference to symbols to access node attributes: /tmp/cook/cb96d8b5ef213bbb96ee6de0/selinux/recipes/_common.rb:9
FC017: LWRP does not notify when updated: /tmp/cook/cb96d8b5ef213bbb96ee6de0/selinux/providers/state.rb:26
FC017: LWRP does not notify when updated: /tmp/cook/cb96d8b5ef213bbb96ee6de0/selinux/providers/state.rb:36
FC017: LWRP does not notify when updated: /tmp/cook/cb96d8b5ef213bbb96ee6de0/selinux/providers/state.rb:46
FC019: Access node attributes in a consistent manner: /tmp/cook/cb96d8b5ef213bbb96ee6de0/selinux/recipes/_common.rb:2
FC019: Access node attributes in a consistent manner: /tmp/cook/cb96d8b5ef213bbb96ee6de0/selinux/recipes/_common.rb:9
FC031: Cookbook without metadata file: /tmp/cook/cb96d8b5ef213bbb96ee6de0/selinux/metadata.rb:1
FC045: Consider setting cookbook name in metadata: /tmp/cook/cb96d8b5ef213bbb96ee6de0/selinux/metadata.rb:1
Foodcritic Metric
0.9.0 failed this metric
FC017: LWRP does not notify when updated: selinux/providers/state.rb:26
FC017: LWRP does not notify when updated: selinux/providers/state.rb:36
FC017: LWRP does not notify when updated: selinux/providers/state.rb:46
FC059: LWRP provider does not declare use_inline_resources: selinux/providers/state.rb:1
Run with Foodcritic Version 8.2.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
License Metric
0.9.0 failed this metric
selinux does not have a valid open source license.
Acceptable licenses include Apache 2.0, apachev2, MIT, mit, GNU Public License 2.0, gplv2, GNU Public License 3.0, gplv3.