manifests/module.pp

@@ -58,12 +58,21 @@
     cwd          => $selinux::params::sx_mod_dir,
   }
 
+  case $ensure { # lint:ignore:case_without_default
+    present: {
+      $_checkloaded_notify = [Exec["${name}-buildmod"]]
+    }
+    absent: {
+      # buildmod doesn't exist in the absent case
+      $_checkloaded_notify = []
+    }
+  }
   exec { "${name}-checkloaded":
     refreshonly => false,
     creates     => "/etc/selinux/${selinux_policy}/modules/active/modules/${name}.pp",
 
     command     => 'true', # lint:ignore:quoted_booleans
-    notify      => Exec["${name}-buildmod"],
+    notify      => $_checkloaded_notify,
   }
 
   ## Begin Configuration

manifests/params.pp

@@ -31,6 +31,13 @@
               $sx_fs_mount = '/selinux'
               $package_name = 'policycoreutils'
             }
+            '': {
+              # Fallback to lsbmajdistrelease, if puppet version is < 3.0
+              if($::lsbmajdistrelease == 5) {
+                $sx_fs_mount = '/selinux'
+                $package_name = 'policycoreutils'
+              }
+            }
             default: {
               fail("${::operatingsystem}-${::operatingsystemmajrelease} is not supported")
             }

manifests/permissive.pp

@@ -0,0 +1,41 @@
+# Definition: selinux::permissive
+#
+# Description
+#  This method will set a context to permissive
+#
+# Class create by David Twersky <dmtwersky@gmail.com>
+# Based on selinux::fcontext by Erik M Jacobs<erikmjacobs@gmail.com>
+#  Adds to puppet-selinux by jfryman
+#   https://github.com/jfryman/puppet-selinux
+#  Originally written/sourced from Lance Dillon<>
+#   http://riffraff169.wordpress.com/2012/03/09/add-file-contexts-with-puppet/
+#
+# Parameters:
+#   - $context: A particular context, like "oddjob_mkhomedir_t"
+#
+# Actions:
+#  Runs "semanage permissive -a" with the context you wish to allow
+#
+# Requires:
+#  - SELinux
+#  - policycoreutils-python (for el-based systems)
+#
+# Sample Usage:
+#
+#  selinux::permissive { 'allow-oddjob_mkhomedir_t':
+#    context  => 'oddjob_mkhomedir_t',
+#  }
+#
+define selinux::permissive (
+  $context,
+) {
+
+  include selinux
+
+  exec { "add_${context}":
+    command => "semanage permissive -a ${context}",
+    unless  => "semanage permissive -l|grep ${context}",
+    path    => '/bin:/sbin:/usr/bin:/usr/sbin',
+    require => Class['selinux::package']
+  }
+}

metadata.json

@@ -1,6 +1,6 @@
 {
 "name": "jfryman/selinux",
-"version": "0.2.5",
+"version": "0.2.6",
 "author": "jfryman",
 "summary": "This class manages SELinux on RHEL based systems",
 "license": "Apache-2.0",

spec/defines/selinux_module_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+describe 'selinux::module' do
+  let(:title) { 'mymodule' }
+  include_context 'RedHat 7'
+
+  context 'present case' do
+
+    let(:params) {{
+      :source => 'test_value'
+    }}
+
+    it { should contain_exec("mymodule-checkloaded").
+           that_notifies("Exec[mymodule-buildmod]")
+    }
+
+  end  # context
+
+  context 'absent case' do
+
+    let(:params) {{
+      :source => 'test_value',
+      :ensure => 'absent'
+    }}
+
+    it { should_not contain_exec("mymodule-checkloaded").
+           that_notifies("Exec[mymodule-buildmod]")
+    }
+
+  end  # context
+
+end  # describe

spec/spec_helper.rb

@@ -6,6 +6,7 @@
   :operatingsystem           => 'RedHat',
   :operatingsystemmajrelease => '7',
   :selinux_current_mode      => 'enforcing',
+  :selinux_config_policy     => 'targeted',
   # concat facts
   :concat_basedir => '/tmp',
   :id             => 0,