~quartsize/puppet-rsh

a807c5abb7644f6cf7742116bdaa862f81abf86b — Laura Hild 1 year, 5 months ago e0891f5
Add SELinux module to allow use of /etc/security/limits.conf
3 files changed, 25 insertions(+), 1 deletions(-)

A files/rshd_setrlimit.te
M manifests/servers.pp
M metadata.json
A files/rshd_setrlimit.te => files/rshd_setrlimit.te +12 -0
@@ 0,0 1,12 @@

module rshd_setrlimit 1.0;

require {
	type rshd_t;
	class capability sys_resource;
	class process setrlimit;
}

#============= rshd_t ==============
allow rshd_t self:capability sys_resource;
allow rshd_t self:process setrlimit;

M manifests/servers.pp => manifests/servers.pp +8 -0
@@ 49,4 49,12 @@ class rsh::servers (
    }
  }

  #
  # The delivered policy does not allow the use of /etc/security/limits.conf.
  #
  selinux::module { 'rshd_setrlimit':
    ensure    => 'present',
    source_te => 'puppet:///modules/rsh/rshd_setrlimit.te',
    builder   => 'simple'
  }
}

M metadata.json => metadata.json +5 -1
@@ 1,6 1,6 @@
{
  "name": "quartsize-rsh",
  "version": "0.1.4",
  "version": "0.2.0",
  "author": "Laura Hild",
  "summary": "Installs and manages rsh servers and clients",
  "license": "Apache-2.0",


@@ 11,6 11,10 @@
    {
      "name": "puppetlabs/stdlib",
      "version_requirement": ">= 4.9.0"
    },
    {
      "name": "puppet/selinux",
      "version_requirement": ">= 1.6.0"
    }
  ],
  "data_provider": "hiera",