itamae-plugin-resource-security_context 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9b8d401721e7d5dacaa4dfa672e6d407fa3e6139
+  data.tar.gz: 4b7c369724fe0a0e08454d9d895013b53c73c579
+SHA512:
+  metadata.gz: a4e86551acf59e23e0205dee3f63dd9ada4d29888c1b95dee47f5fcef893812b93e95c7a7e689d0185aecb01811753d20459dca446237372903999ea550fb361
+  data.tar.gz: 70d91bb369339d6e3e8e590b4c7fa81957dada717fec482190d66ac25420029bdfe68f36282bbce98625c5098530c3199ed4b1df3a553ddeeb21498fed0ab363

data/.document

@@ -0,0 +1,5 @@
+lib/**/*.rb
+README.md
+ChangeLog.md
+
+COPYING.txt

data/.gitignore

@@ -0,0 +1,5 @@
+/.bundle
+/Gemfile.lock
+/html/
+/pkg/
+/vendor/cache/*.gem

data/.rdoc_options

@@ -0,0 +1,16 @@
+--- !ruby/object:RDoc::Options
+encoding: UTF-8
+static_path: []
+rdoc_include:
+  - .
+charset: UTF-8
+exclude: 
+hyperlink_all: false
+line_numbers: false
+main_page: README.md
+markup: markdown
+show_hash: false
+tab_width: 8
+title: itamae-plugin-resource-security_context Documentation
+visibility: :protected
+webcvs:

data/COPYING.txt

@@ -0,0 +1,165 @@
+                   GNU LESSER GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+
+  This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+  0. Additional Definitions.
+
+  As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+  "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+  An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+  A "Combined Work" is a work produced by combining or linking an
+Application with the Library.  The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+  The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+  The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+  1. Exception to Section 3 of the GNU GPL.
+
+  You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+  2. Conveying Modified Versions.
+
+  If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+   a) under this License, provided that you make a good faith effort to
+   ensure that, in the event an Application does not supply the
+   function or data, the facility still operates, and performs
+   whatever part of its purpose remains meaningful, or
+
+   b) under the GNU GPL, with none of the additional permissions of
+   this License applicable to that copy.
+
+  3. Object Code Incorporating Material from Library Header Files.
+
+  The object code form of an Application may incorporate material from
+a header file that is part of the Library.  You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+   a) Give prominent notice with each copy of the object code that the
+   Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the object code with a copy of the GNU GPL and this license
+   document.
+
+  4. Combined Works.
+
+  You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+   a) Give prominent notice with each copy of the Combined Work that
+   the Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the Combined Work with a copy of the GNU GPL and this license
+   document.
+
+   c) For a Combined Work that displays copyright notices during
+   execution, include the copyright notice for the Library among
+   these notices, as well as a reference directing the user to the
+   copies of the GNU GPL and this license document.
+
+   d) Do one of the following:
+
+       0) Convey the Minimal Corresponding Source under the terms of this
+       License, and the Corresponding Application Code in a form
+       suitable for, and under terms that permit, the user to
+       recombine or relink the Application with a modified version of
+       the Linked Version to produce a modified Combined Work, in the
+       manner specified by section 6 of the GNU GPL for conveying
+       Corresponding Source.
+
+       1) Use a suitable shared library mechanism for linking with the
+       Library.  A suitable mechanism is one that (a) uses at run time
+       a copy of the Library already present on the user's computer
+       system, and (b) will operate properly with a modified version
+       of the Library that is interface-compatible with the Linked
+       Version.
+
+   e) Provide Installation Information, but only if you would otherwise
+   be required to provide such information under section 6 of the
+   GNU GPL, and only to the extent that such information is
+   necessary to install and execute a modified version of the
+   Combined Work produced by recombining or relinking the
+   Application with a modified version of the Linked Version. (If
+   you use option 4d0, the Installation Information must accompany
+   the Minimal Corresponding Source and Corresponding Application
+   Code. If you use option 4d1, you must provide the Installation
+   Information in the manner specified by section 6 of the GNU GPL
+   for conveying Corresponding Source.)
+
+  5. Combined Libraries.
+
+  You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+   a) Accompany the combined library with a copy of the same work based
+   on the Library, uncombined with any other library facilities,
+   conveyed under the terms of this License.
+
+   b) Give prominent notice with the combined library that part of it
+   is a work based on the Library, and explaining where to find the
+   accompanying uncombined form of the same work.
+
+  6. Revised Versions of the GNU Lesser General Public License.
+
+  The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+  Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+  If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.

data/ChangeLog.md

@@ -0,0 +1,4 @@
+### 0.1.0 / 2016-01-20
+
+* Initial release:
+

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/README.md

@@ -0,0 +1,85 @@
+itamae-plugin-resource-security_context
+=======================================
+
+* [Homepage](https://rubygems.org/gems/itamae-plugin-resource-security_context)
+* [Documentation](http://rubydoc.info/gems/itamae-plugin-resource-security_context/frames)
+* [Email](mailto:KitaitiMakoto at gmail.com)
+
+Description
+-----------
+
+[Itamae][] resource plugin to handle with SELinux security context.
+
+Features
+--------
+
+* Restoring security context
+
+Currently, only the feature above is supported.
+
+Examples
+--------
+
+At first, load this plugin.
+
+    require 'itamae/plugin/resource/security_context'
+
+### Restoring security context every time Itamae runs
+
+    security_context '/etc/nginx/nginx.conf' do
+      action :restore
+    end
+
+Note that default action of `security_context` is `:nothing`, you need to write `action` directory when you want to restore security context.
+
+You can also restore context recursively:
+
+    security_context '/etc/httpd/conf.d' do
+      action    :restore
+      recursive true
+    end
+
+### Restoring security context when file is modified
+
+    security_context '/etc/nginx/nginx.conf' do
+      action :nothing
+    end
+
+    template '/etc/nginx/nginx.conf' do
+      source :auto
+      owner  'root'
+      group  'root'
+      mode   '644'
+      notifies :restore, 'security_context[/etc/nginx/nginx.conf]'
+    end
+
+As noted earlier, the default action of `security_context` is `:nothing`, so you can ommit block:
+
+    security_context '/etc/nginx/nginx.conf'
+
+    template '/etc/nginx/nginx.conf' do
+      source :auto
+      owner  'root'
+      group  'root'
+      mode   '644'
+      notifies :restore, 'security_context[/etc/nginx/nginx.conf]'
+    end
+
+Requirements
+------------
+
+* [Itamae][]
+
+Install
+-------
+
+    $ gem install itamae-plugin-resource-security_context
+
+Copyright
+---------
+
+Copyright (c) 2016 KITAITI Makoto
+
+See COPYING.txt for details.
+
+[Itamae]: http://itamae.kitchen

data/Rakefile

@@ -0,0 +1,26 @@
+# encoding: utf-8
+
+require 'rubygems'
+
+begin
+  require 'bundler/setup'
+rescue LoadError => e
+  abort e.message
+end
+
+require 'rake'
+
+
+require 'rubygems/tasks'
+Gem::Tasks.new
+
+require 'rdoc/task'
+RDoc::Task.new
+task :doc => :rdoc
+
+require 'rake/testtask'
+Rake::TestTask.new do |test|
+  test.libs << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end

data/itamae-plugin-resource-security_context.gemspec

@@ -0,0 +1,38 @@
+# -*- encoding: utf-8 -*-
+
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'itamae/plugin/resource/security_context/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "itamae-plugin-resource-security_context"
+  gem.version       = Itamae::Plugin::Resource::SecurityContext::VERSION
+  gem.summary       = %q{Itamae SELinux security context resource plugin}
+  gem.description   = %q{Itamae resource plugin to handle with SELinux security context.}
+  gem.license       = "LGPL"
+  gem.authors       = ["KITAITI Makoto"]
+  gem.email         = "KitaitiMakoto@gmail.com"
+  gem.homepage      = "https://rubygems.org/gems/itamae-plugin-resource-security_context"
+
+  gem.files         = `git ls-files`.split($/)
+
+  `git submodule --quiet foreach --recursive pwd`.split($/).each do |submodule|
+    submodule.sub!("#{Dir.pwd}/",'')
+
+    Dir.chdir(submodule) do
+      `git ls-files`.split($/).map do |subpath|
+        gem.files << File.join(submodule,subpath)
+      end
+    end
+  end
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ['lib']
+
+  gem.add_runtime_dependency 'itamae'
+
+  gem.add_development_dependency 'bundler', '~> 1.10'
+  gem.add_development_dependency 'rake', '~> 10.0'
+  gem.add_development_dependency 'rdoc', '~> 4.0'
+  gem.add_development_dependency 'rubygems-tasks', '~> 0.2'
+end

data/lib/itamae/plugin/resource/security_context.rb

@@ -0,0 +1,19 @@
+require 'itamae/plugin/resource/security_context/version'
+
+module Itamae
+  module Plugin
+    module Resource
+      class SecurityContext < ::Itamae::Resource::Base
+        define_attribute :action, default: :nothing
+        define_attribute :path, type: [String], default_name: true
+        define_attribute :recursive, type: [TrueClass, FalseClass], default: false
+
+        def action_restore(options)
+          cmd = ['restorecon', attributes.path]
+          cmd << '-R' if attributes.recursive
+          run_command cmd
+        end
+      end
+    end
+  end
+end

data/lib/itamae/plugin/resource/security_context/version.rb

@@ -0,0 +1,28 @@
+#
+# Copyright (c) 2016 KITAITI Makoto (KitaitiMakoto at gmail.com)
+#
+# itamae-plugin-resource-security_context is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# itamae-plugin-resource-security_context is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with itamae-plugin-resource-security_context.  If not, see <http://www.gnu.org/licenses/>.
+#
+require 'itamae'
+
+module Itamae
+  module Plugin
+    module Resource
+      class SecurityContext < ::Itamae::Resource::Base
+        # itamae-plugin-resource-security_context version
+        VERSION = "0.1.0"
+      end
+    end
+  end
+end

data/test/helper.rb

@@ -0,0 +1,12 @@
+require 'rubygems'
+
+begin
+  require 'bundler/setup'
+rescue LoadError => error
+  abort error.message
+end
+
+require 'test/unit'
+
+class Test::Unit::TestCase
+end

data/test/test_itamae-plugin-resource-security_context.rb

@@ -0,0 +1,12 @@
+require 'helper'
+require 'itamae/plugin/resource/security_context'
+
+class TestItamae::Plugin::Resource::SecurityContext < Test::Unit::TestCase
+
+  def test_version
+    version = Itamae::Plugin::Resource::SecurityContext.const_get('VERSION')
+
+    assert !version.empty?, 'should have a VERSION constant'
+  end
+
+end

metadata

@@ -0,0 +1,128 @@
+--- !ruby/object:Gem::Specification
+name: itamae-plugin-resource-security_context
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- KITAITI Makoto
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-01-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: itamae
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: rubygems-tasks
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+description: Itamae resource plugin to handle with SELinux security context.
+email: KitaitiMakoto@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".document"
+- ".gitignore"
+- ".rdoc_options"
+- COPYING.txt
+- ChangeLog.md
+- Gemfile
+- README.md
+- Rakefile
+- itamae-plugin-resource-security_context.gemspec
+- lib/itamae/plugin/resource/security_context.rb
+- lib/itamae/plugin/resource/security_context/version.rb
+- test/helper.rb
+- test/test_itamae-plugin-resource-security_context.rb
+homepage: https://rubygems.org/gems/itamae-plugin-resource-security_context
+licenses:
+- LGPL
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Itamae SELinux security context resource plugin
+test_files:
+- test/helper.rb
+- test/test_itamae-plugin-resource-security_context.rb