Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

puppet: Disable apparmor profile for msmtp. 

As the nagios user, we want to read the msmtp configuration from
~nagios, which apparmor's profile does not allow msmtp to do.
This commit is contained in:
Alex Vandiver 2022-01-10 16:54:05 -08:00 committed by Tim Abbott
parent 3c95ad82c6
commit 1e80b844f4
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
puppet/zulip_ops/manifests/profile/nagios.pp
View File

@ -140,6 +140,17 @@ class zulip_ops::profile::nagios {
require => File['/var/lib/nagios'],
}
# Disable apparmor for msmtp so it can read the above config file
file { '/etc/apparmor.d/disable/usr.bin.msmtp':
ensure => link,
target => '/etc/apparmor.d/usr.bin.msmtp',
notify => Exec['reload apparmor'],
}
exec {'reload apparmor':
command => '/sbin/apparmor_parser -R /etc/apparmor.d/usr.bin.msmtp',
refreshonly => true,
}
exec { 'fix_nagios_permissions':
command => 'dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios4/rw',
unless => 'bash -c "ls -ld /var/lib/nagios4/rw | grep ^drwx--s--- -q"',