SEModules

New in version 1.3.0.

The SEModules plugin handles SELinux module entries. It supports group- and host-specific module versions, and enabling/disabling modules.

You can use tools/selinux_baseline.py to create a baseline of all of your installed modules.

See SELinux for more information.

Usage

To use the SEModules plugin, first do mkdir /var/lib/bcfg2/SEModules. Add SEModules to your plugins line in /etc/bcfg2.conf and restart bcfg2-server.

The SEModules directory contains modules in a layout similar to the Cfg plugin: at the top level, SEModules should contain directories named after the modules you want to install, and each of those directories can contain a global module, plus any number of group- and host-specific modules. For instance:

$ ls -F SEModules
foo.pp/  bar.pp/
$ ls SEModules/foo.pp/
foo.pp
foo.pp.G50_server
foo.pp.H_baz.example.com

For more information on this directory layout, see Cfg.

Entries

SEModules handles <SEModule> entries. For instance:

<Bundle>
  <SEModule name="foo.pp"/>
</Bundle>

The .pp extension is optional.

Note

If you use a BoundSEModule tag, you must not include the .pp extension. This is not recommended, though.

You can also install a disabled module:

<SEModule name="foo" disabled="true"/>