Do not execute selinux commands if policy disabled

If the system running cgit has disabled selinux, cgit should not attempt to run any selinux commands to prevent puppet apply from failing. Change-Id: I21add092d9d09077f2b23760a384f5a5cb91d86a
2015-09-10 13:37:03 -05:00 · 2015-09-10 13:37:03 -05:00 · 5e368973fe
parent dc7e58943d
commit 5e368973fe
1 changed files with 10 additions and 2 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -31,7 +31,8 @@ class cgit(
  $manage_cgitrc = false,
  $prefork_settings = {}, # override the prefork worker settings
  $mpm_settings = {}, # override the mpm worker settings
-  $cgitrc_settings = {}
+  $cgitrc_settings = {},
+  $selinux_mode = 'enforcing'
 ) {
  validate_hash($prefork_settings)
  validate_hash($mpm_settings)
@ -228,7 +229,14 @@ class cgit(
  }

  if ($::osfamily == 'RedHat') {
-    include ::cgit::selinux
+    case $selinux_mode {
+      'disabled': {
+        warning('Running with selinux "disabled" is not recommended')
+      }
+      default: {
+        include ::cgit::selinux
+      }
+    }
  }

  if $ssl_cert_file_contents != undef {