Explicitly set selinux seltype for rules link
Puppet seems to have some issue with creating a symlink in /etc/sysconfig on CentOS, where it creates the link on the first run and then corrects the seltype on the second run, breaking idempotency tests. If we make sure to explicitly set it up front, puppet doesn't get confused. This patch also removes the mode setting since setting the permissions mode on a symlink doesn't make sense.

Change-Id: I7019c48220425fc583b9b431eff08a6261ee2ebc
parent 73089a0566
commit cef0960c6d
@ -125,11 +125,17 @@ class iptables(
|
|||
notify => $notify_iptables,
|
||||
}
|
||||
|
||||
if $::osfamily == 'redhat' {
|
||||
$seltype = 'etc_t'
|
||||
} else {
|
||||
$seltype = undef
|
||||
}
|
||||
|
||||
file { $::iptables::params::ipv4_rules:
|
||||
ensure => link,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0640',
|
||||
seltype => $seltype,
|
||||
target => "${::iptables::params::rules_dir}/rules",
|
||||
require => File["${::iptables::params::rules_dir}/rules"],
|
||||
notify => $notify_iptables,
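Review bot: The `if $::osfamily == 'redhat'` block that sets `$seltype = 'etc_t'` has no comment saying why the SELinux type is pinned, so the reason (the link's type being corrected on a second run, which breaks idempotency) lives only in the commit message. A one-line comment above the conditional would keep a later cleanup from dropping `seltype => $seltype` as redundant. Two smaller points on the same lines: the fact value is normally written 'RedHat', and although Puppet's `==` on strings is case-insensitive so the lowercase form still matches, using the canonical casing reads more clearly. Also, this hunk only shows the `$::iptables::params::ipv4_rules` link receiving `seltype`; if the class manages any other symlink under the same directory, confirm it gets the same treatment so the idempotency fix is complete.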