Skip to content

Commit

Permalink
This commit addresses issue #8
Browse files Browse the repository at this point in the history
When SELINUX is enabled the cache_dir and port are given
the correct SELINUX context (fcontext & port)
Only works on RedHat and families
  • Loading branch information
ralfbosz committed Mar 26, 2018
1 parent 87383a3 commit 24f922b
Show file tree
Hide file tree
Showing 5 changed files with 76 additions and 0 deletions.
1 change: 1 addition & 0 deletions .fixtures.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,5 +2,6 @@ fixtures:
forge_modules:
concat: puppetlabs-concat
stdlib: puppetlabs-stdlib
selinux: puppet-selinux
symlinks:
"squid": "#{source_dir}"
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ squid::http_access{ '!Safe_ports':
action => deny,
}
```
This module will set the SELINUX-context for the cache_dir and/or port, requires [puppet-selinux](https://github.com/voxpupuli/puppet-selinux)

### Parameters for squid Class
Parameters to the squid class almost map 1 to 1 to squid.conf parameters themselves.
Expand Down
8 changes: 8 additions & 0 deletions manifests/cache_dir.pp
Original file line number Diff line number Diff line change
Expand Up @@ -20,4 +20,12 @@
require => Package[$::squid::package_name],
}

if $facts['selinux'] == true {
selinux::fcontext{"selinux fcontext squid_cache_t ${path}":
seltype => 'squid_cache_t',
pathspec => "${path}(/.*)?",
require => File[$path],
}
}

}
11 changes: 11 additions & 0 deletions manifests/http_port.pp
Original file line number Diff line number Diff line change
Expand Up @@ -17,4 +17,15 @@
order => "30-${order}",
}

if $facts['selinux'] == true {
$_port = Integer($port)
selinux::port{"selinux port squid_port_t ${_port}":
ensure => 'present',
seltype => 'squid_port_t',
protocol => 'tcp',
port => $_port,
}
}

}

55 changes: 55 additions & 0 deletions spec/classes/init_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -419,6 +419,42 @@
it { is_expected.to contain_concat_fragment('squid_https_port_2001').with_content(%r{^https_port\s+2001\s+special for 2001$}) }
end

if facts['osfamily'] == 'RedHat'
context 'with http_port parameters set + SELINUX' do
let :params do
{ config: '/tmp/squid.conf',
http_ports: { 2000 => { 'options' => 'special for 2000' } } }
end
let(:facts) do
facts.merge(
selinux => true
)
end

it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') }
it { is_expected.to contain_concat_fragment('squid_http_port_2000').with_order('30-05') }
it { is_expected.to contain_concat_fragment('squid_http_port_2000').with_content(%r{^http_port\s+2000\s+special for 2000$}) }
it { is_expected.to contain_selinux__port('selinux port squid_port_t 2000').with('ensure' => 'present', 'seltype' => 'squid_port_t', 'protocol' => 'tcp', 'port' => '2000') }
end

context 'with https_port parameters set' do
let :params do
{ config: '/tmp/squid.conf',
https_ports: { 2001 => { 'options' => 'special for 2001' } } }
end
let(:facts) do
facts.merge(
selinux => true
)
end

it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') }
it { is_expected.to contain_concat_fragment('squid_https_port_2001').with_order('30-05') }
it { is_expected.to contain_concat_fragment('squid_https_port_2001').with_content(%r{^https_port\s+2001\s+special for 2001$}) }
it { is_expected.to contain_selinux__port('selinux port squid_port_t 2001').with('ensure' => 'present', 'seltype' => 'squid_port_t', 'protocol' => 'tcp', 'port' => '2001') }
end
end

context 'with snmp_incoming_address parameter set' do
let :params do
{
Expand Down Expand Up @@ -454,6 +490,25 @@
it { is_expected.to contain_file('/data').with_ensure('directory') }
end

if facts['osfamily'] == 'RedHat'
context 'with cache_dir parameters set + SELINUX' do
let :params do
{ config: '/tmp/squid.conf',
cache_dirs: { '/data' => { 'type' => 'special',
'options' => 'my options for special type' } } }
end
let(:facts) do
facts.merge(
selinux => true
)
end

it { is_expected.to contain_concat_fragment('squid_header').with_target('/tmp/squid.conf') }
it { is_expected.to contain_file('/data').with_ensure('directory') }
it { is_expected.to contain_selinux__fcontext('selinux fcontext squid_cache_t /data').with('seltype' => 'squid_cache_t', 'pathspec' => '/data(/.*)?') }
end
end

context 'with extra_config_sections parameter set' do
let :params do
{
Expand Down

0 comments on commit 24f922b

Please sign in to comment.