On Sun, Sep 9, 2012 at 10:46 AM, Jon McKenzie <[email protected]> wrote:
> Hi, > > I'm just trying to get an idea about the best way to implement this: > > I want a type that uses the 'semanage' binary to manage targeted policy > (in this case for files). > > So for example to create a targeted policy, I might do something like: > > semanage fcontext -a -f -d -t some_domain_t "/path/to/files(/.*)?" > > ... which would add a target policy that sets 'some_domain_t' on all > directories in "/path/to/files/" > > The question I have is about the "-d", which is a parameter to "-f", that > directs policy to only cover directories (e.g. "-d" is for directories, > "--" is for regular files, "-s" is for sockets, etc. -- see the help for > semanage for the rest). > > I want a property called :filetype that can have a value of :file, > :directory, :all, :socket, :character, :block, etc. Once I get valid input, > I want to convert the value to the appropriate flag for the command. What's > the best way to do this? > > My current idea is to accept any input, and then have a case switch inside > of a munge block, e.g.: > > munge do |value| > case value > when "file" > value = "--" > when "directory" > value = "-d" > ... etc.. > end > end > > Is this the "correct" way to implement this? The syntax here looks correct. You may also want to use newvalues to restrict the values that are allowed. > Should this even be in the type definition (since these are details of the > provider)? > That is a really good point. It would be more consistent with the model if this munging was done in the provider. Of coarse in only really 'matters' if you think the type will have multiple providers. > > Thanks for your help, > Jon > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/1PVDZB_Cw2QJ. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
