
D3658.id9475.diff

diff --git a/roles/core/userland-software/base.sls b/roles/core/userland-software/base.sls
--- a/roles/core/userland-software/base.sls
+++ b/roles/core/userland-software/base.sls
@@ -21,18 +21,6 @@
- tcsh
{% endif %}
- # Shell utilities
- {% if grains['os'] == 'FreeBSD' %}
- - starship
- {% endif %}
-
-{% if grains['kernel'] == 'Linux' and grains['osarch'] == 'x86_64' %}
-install_starship:
- cmd.run:
- - name: snap install starship
- - creates: /var/lib/snapd/snap/bin/starship
-{% endif %}
-
/usr/local/share/zsh/site-functions/_pm:
file.managed:
# At commit 683d331 - 2017-11-05
diff --git a/roles/core/userland-software/files/selinux/systemd-hostnamed.te b/roles/core/userland-software/files/selinux/systemd-hostnamed.te
new file mode 100644
--- /dev/null
+++ b/roles/core/userland-software/files/selinux/systemd-hostnamed.te
@@ -0,0 +1,25 @@
+# -------------------------------------------------------------
+# Configuration for systemd-hostnamed for Starship
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Description: SELinux policy to fix T2113
+# Source file: roles/core/userland-software/files/selinux/systemd-hostnamed.te
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+module systemd-hostnamed 1.0;
+
+require {
+ type init_var_run_t;
+ type systemd_hostnamed_t;
+ class sock_file create;
+}
+
+#============= systemd_hostnamed_t ==============
+allow systemd_hostnamed_t init_var_run_t:sock_file create;
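Review bot: The `allow` rule on the last line lets `systemd_hostnamed_t` create socket files in anything labelled `init_var_run_t`, and the header explains it only as "fix T2113". A local policy module widens what a confined daemon may do, so the file should record the denial it was derived from, for example a comment above the rule such as `# <what Starship does that triggers this>; AVC denial: <denial line from T2113>`. With that on record, a reviewer can check that `create` on `sock_file` is the only permission needed, and the module can be dropped once the distribution policy covers the case.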
diff --git a/roles/core/userland-software/init.sls b/roles/core/userland-software/init.sls
--- a/roles/core/userland-software/init.sls
+++ b/roles/core/userland-software/init.sls
@@ -9,3 +9,4 @@
include:
- .sources
- .base
+ - .starship
diff --git a/roles/core/userland-software/starship.sls b/roles/core/userland-software/starship.sls
new file mode 100644
--- /dev/null
+++ b/roles/core/userland-software/starship.sls
@@ -0,0 +1,51 @@
+# -------------------------------------------------------------
+# Salt — Provision software needed by other core roles
+# to deploy on all servers
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs, packages with context %}
+
+# -------------------------------------------------------------
+# Starship installation
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% if grains['os'] == 'FreeBSD' %}
+starship:
+ pkg.installed
+{% endif %}
+
+{% if grains['kernel'] == 'Linux' and grains['osarch'] == 'x86_64' %}
+install_starship:
+ cmd.run:
+ - name: snap install starship
+ - creates: /var/lib/snapd/snap/bin/starship
+{% endif %}
+
+# -------------------------------------------------------------
+# SELinux
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% if grains['os_family'] == 'RedHat' %}
+
+/usr/local/share/selinux/systemd-hostnamed.te:
+ file.managed:
+ - source: salt://roles/core/userland-software/files/selinux/systemd-hostnamed.te
+ - makedirs: True
+
+/usr/local/share/selinux/systemd-hostnamed.pp:
+ cmd.run:
+ - name: make -f /usr/share/selinux/devel/Makefile systemd-hostnamed.pp
+ - creates: /usr/local/share/selinux/systemd-hostnamed.pp
+ - cwd: /usr/local/share/selinux
+
+install_selinux_starship_module:
+ cmd.run:
+ - name: semodule -i systemd-hostnamed.pp
+ - cwd: /usr/local/share/selinux
+ - onchanges:
+ - cmd: /usr/local/share/selinux/systemd-hostnamed.pp
+
+{% endif %}
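Review bot: The build state for `systemd-hostnamed.pp` is guarded by `creates`, so once the `.pp` exists an updated `systemd-hostnamed.te` is never recompiled. `install_selinux_starship_module` fires only on changes of that `cmd`, so it never reloads the module either, and hosts would keep running the first policy version deployed. Triggering the build from the source file fixes this: replace `- creates: /usr/local/share/selinux/systemd-hostnamed.pp` with `- onchanges:` followed by `- file: /usr/local/share/selinux/systemd-hostnamed.te`. It would also help to set `user`, `group` and `mode` explicitly on the `file.managed` state, since the module compiled from that directory is loaded into the system policy. The `dirs, packages` import at the top looks unused in this file.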
