Provides recipes for manipulating selinux policy enforcement
RHEL family distribution or other Linux system that uses SELinux.
Tested on RHEL 5.6, 6.0 and 6.1.
SELinux is enforcing by default on RHEL family distributions, however the use of SELinux has complicated considerations when using configuration management. Often, users are recommended to set SELinux to permissive mode, or disabled completely. To ensure that SELinux is permissive or disabled, choose the appropriate recipe (
selinux::disabled) and apply it to the node early in the run list. For example in a
base role used by all RHEL systems:
name "base" description "Base role applied to all nodes." run_list( "recipe[selinux::permissive]", )
- COOK-678 - add the selinux cookbook to the repository
- Use main selinux config file (/etc/selinux/config)
- Use getenforce instead of selinuxenabled for enforcing and permissive
Use a node attribute to determine which recipe to load automatically from selinux::default.
Add LWRP/Libraries for manipulating security contexts for files and services managed by Chef.
License and Author
Copyright:: 2011, Opscode, Inc
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.