[Pkg-puppet-devel] [SCM] Puppet packaging for Debian branch, master, updated. debian/0.24.6-1-356-g5718585
James Turnbull
james at lovedthanlost.net
Fri Jan 23 14:21:29 UTC 2009
The following commit has been merged in the master branch:
commit 22024bce8f47ea37d57e57dd25d42b8a1996693c
Author: Sean E. Millichamp <sean at bruenor.org>
Date: Wed Oct 22 19:07:08 2008 -0400
Improve the inline documentation for SELinux types and parameters
diff --git a/lib/puppet/type/file/selcontext.rb b/lib/puppet/type/file/selcontext.rb
index b2c89e6..d5111ca 100644
--- a/lib/puppet/type/file/selcontext.rb
+++ b/lib/puppet/type/file/selcontext.rb
@@ -56,28 +56,45 @@ module Puppet
end
Puppet.type(:file).newproperty(:seluser, :parent => Puppet::SELFileContext) do
- desc "What the SELinux User context of the file should be."
+ desc "What the SELinux user component of the context of the file should be.
+ Any valid SELinux user component is accepted. For example ``user_u``.
+ If not specified it defaults to the value returned by matchpathcon for
+ the file, if any exists. Only valid on systems with SELinux support
+ enabled."
@event = :file_changed
defaultto { self.retrieve_default_context(:seluser) }
end
Puppet.type(:file).newproperty(:selrole, :parent => Puppet::SELFileContext) do
- desc "What the SELinux Role context of the file should be."
+ desc "What the SELinux role component of the context of the file should be.
+ Any valid SELinux role component is accepted. For example ``role_r``.
+ If not specified it defaults to the value returned by matchpathcon for
+ the file, if any exists. Only valid on systems with SELinux support
+ enabled."
@event = :file_changed
defaultto { self.retrieve_default_context(:selrole) }
end
Puppet.type(:file).newproperty(:seltype, :parent => Puppet::SELFileContext) do
- desc "What the SELinux Type context of the file should be."
+ desc "What the SELinux type component of the context of the file should be.
+ Any valid SELinux type component is accepted. For example ``tmp_t``.
+ If not specified it defaults to the value returned by matchpathcon for
+ the file, if any exists. Only valid on systems with SELinux support
+ enabled."
@event = :file_changed
defaultto { self.retrieve_default_context(:seltype) }
end
Puppet.type(:file).newproperty(:selrange, :parent => Puppet::SELFileContext) do
- desc "What the SELinux Range context of the file should be."
+ desc "What the SELinux range component of the context of the file should be.
+ Any valid SELinux range component is accepted. For example ``s0`` or
+ ``SystemHigh``. If not specified it defaults to the value returned by
+ matchpathcon for the file, if any exists. Only valid on systems with
+ SELinux support enabled and that have support for MCS (Multi-Category
+ Security)."
@event = :file_changed
defaultto { self.retrieve_default_context(:selrange) }
diff --git a/lib/puppet/type/selboolean.rb b/lib/puppet/type/selboolean.rb
index d12dd3b..b1f12ca 100644
--- a/lib/puppet/type/selboolean.rb
+++ b/lib/puppet/type/selboolean.rb
@@ -4,7 +4,8 @@
module Puppet
newtype(:selboolean) do
- @doc = "Enable or disable SELinux booleans."
+ @doc = "Manages SELinux booleans on systems with SELinux support. The supported booleans
+ are any of the ones found in /selinux/booleans/."
newparam(:name) do
desc "The name of the SELinux boolean to be managed."
@@ -12,13 +13,14 @@ module Puppet
end
newproperty(:value) do
- desc "Whether the the SELinux boolean should be enabled or disabled. Possible values are ``on`` or ``off``."
+ desc "Whether the the SELinux boolean should be enabled or disabled."
newvalue(:on)
newvalue(:off)
end
newparam(:persistent) do
- desc "If set true, SELinux booleans will be written to disk and persist accross reboots."
+ desc "If set true, SELinux booleans will be written to disk and persist accross reboots.
+ The default is ``false``."
defaultto :false
newvalues(:true, :false)
diff --git a/lib/puppet/type/selmodule.rb b/lib/puppet/type/selmodule.rb
index 1f02912..883cd95 100644
--- a/lib/puppet/type/selmodule.rb
+++ b/lib/puppet/type/selmodule.rb
@@ -3,36 +3,40 @@
#
Puppet::Type.newtype(:selmodule) do
- @doc = "Enable or disable SELinux policy modules."
+ @doc = "Manages loading and unloading of SELinux policy modules
+ on the system. Requires SELinux support. See man semodule(8)
+ for more information on SELinux policy modules."
ensurable
newparam(:name) do
- desc "The name of the SELinux policy to be managed."
+ desc "The name of the SELinux policy to be managed. You should not
+ include the customary trailing .pp extension."
isnamevar
end
newparam(:selmoduledir) do
desc "The directory to look for the compiled pp module file in.
- Currently defaults to /usr/share/selinux/targeted"
+ Currently defaults to /usr/share/selinux/targeted. If selmodulepath
+ is not specified the module will be looked for in this directory in a
+ in a file called NAME.pp, where NAME is the value of the name parameter."
defaultto "/usr/share/selinux/targeted"
end
newparam(:selmodulepath) do
- desc "The full path in which to look for the compiled pp
- module file in. You only need to use this if the module file
- is not in the directory pointed at by selmoduledir."
+ desc "The full path to the compiled .pp policy module. You only need to use
+ this if the module file is not in the directory pointed at by selmoduledir."
end
newproperty(:syncversion) do
- desc "If set to 'true', the policy will be reloaded if the
+ desc "If set to ``true``, the policy will be reloaded if the
version found in the on-disk file differs from the loaded
- version. If set to 'false' (the default) the the only check
+ version. If set to ``false`` (the default) the the only check
that will be made is if the policy is loaded at all or not."
newvalue(:true)
--
Puppet packaging for Debian
More information about the Pkg-puppet-devel
mailing list