New in version 1.3.0.
The SEModules plugin handles SELinux module entries. It supports group- and host-specific module versions, and enabling/disabling modules.
You can use tools/selinux_baseline.py to create a baseline of all of your installed modules.
See SELinux for more information.
To use the SEModules plugin, first do mkdir /var/lib/bcfg2/SEModules. Add SEModules to your plugins line in /etc/bcfg2.conf and restart bcfg2-server.
The SEModules directory contains modules in a layout similar to the Cfg plugin: at the top level, SEModules should contain directories named after the modules you want to install, and each of those directories can contain a global module, plus any number of group- and host-specific modules. For instance:
$ ls -F SEModules
foo.pp/ bar.pp/
$ ls SEModules/foo.pp/
foo.pp
foo.pp.G50_server
foo.pp.H_baz.example.com
For more information on this directory layout, see Cfg.
SEModules handles <SEModule> entries. For instance:
<Bundle name="foo">
<SEModule name="foo.pp"/>
</Bundle>
The .pp extension is optional.
Note
If you use a BoundSEModule tag, you must not include the .pp extension. This is not recommend, though.
You can also install a disabled module:
<SEModule name="foo" disabled="true"/>