Blame policy/modules/services/puppet.if
|
Craig Grube |
e87791 |
## <summary>Puppet client daemon</summary>
|
|
Craig Grube |
e87791 |
## <desc>
|
|
Chris PeBenito |
e6d8fd |
##
|
|
Craig Grube |
e87791 |
## Puppet is a configuration management system written in Ruby.
|
|
Chris PeBenito |
e6d8fd |
## The client daemon is responsible for periodically requesting the
|
|
Chris PeBenito |
e6d8fd |
## desired system state from the server and ensuring the state of
|
|
Chris PeBenito |
e6d8fd |
## the client system matches.
|
|
Chris PeBenito |
e6d8fd |
##
|
|
Chris PeBenito |
e6d8fd |
## </desc>
|
|
Chris PeBenito |
e6d8fd |
|
|
Craig Grube |
e87791 |
################################################
|
|
Craig Grube |
e87791 |
## <summary>
|
|
Chris PeBenito |
e6d8fd |
## Read / Write to Puppet temp files. Puppet uses
|
|
Chris PeBenito |
e6d8fd |
## some system binaries (groupadd, etc) that run in
|
|
Chris PeBenito |
e6d8fd |
## a non-puppet domain and redirects output into temp
|
|
Chris PeBenito |
e6d8fd |
## files.
|
|
Craig Grube |
e87791 |
## </summary>
|
|
Craig Grube |
e87791 |
## <param name="domain">
|
|
Chris PeBenito |
e6d8fd |
## <summary>
|
|
Chris PeBenito |
e6d8fd |
## Domain allowed access
|
|
Chris PeBenito |
e6d8fd |
## </summary>
|
|
Chris PeBenito |
e6d8fd |
## </param>
|
|
Chris PeBenito |
e6d8fd |
#
|
|
Craig Grube |
e87791 |
interface(`puppet_rw_tmp', `
|
|
Craig Grube |
e87791 |
gen_require(`
|
|
Craig Grube |
e87791 |
type puppet_tmp_t;
|
|
Craig Grube |
e87791 |
')
|
|
Craig Grube |
e87791 |
|
|
Craig Grube |
e87791 |
allow $1 puppet_tmp_t:file rw_file_perms;
|
|
Craig Grube |
e87791 |
files_search_tmp($1)
|
|
Craig Grube |
e87791 |
')
|