Improve the inline documentation for SELinux types and parameters

2008-10-22 19:07:08 -04:00 · 2008-10-22 19:07:08 -04:00 · 22024bce8f
--- a/lib/puppet/type/file/selcontext.rb
+++ b/lib/puppet/type/file/selcontext.rb
@ -56,28 +56,45 @@ module Puppet
    end

    Puppet.type(:file).newproperty(:seluser, :parent => Puppet::SELFileContext) do
-        desc "What the SELinux User context of the file should be."
+        desc "What the SELinux user component of the context of the file should be.
+            Any valid SELinux user component is accepted.  For example ``user_u``.
+            If not specified it defaults to the value returned by matchpathcon for
+            the file, if any exists.  Only valid on systems with SELinux support
+            enabled."

        @event = :file_changed
        defaultto { self.retrieve_default_context(:seluser) }
    end

    Puppet.type(:file).newproperty(:selrole, :parent => Puppet::SELFileContext) do
-        desc "What the SELinux Role context of the file should be."
+        desc "What the SELinux role component of the context of the file should be.
+            Any valid SELinux role component is accepted.  For example ``role_r``.
+            If not specified it defaults to the value returned by matchpathcon for
+            the file, if any exists.  Only valid on systems with SELinux support
+            enabled."

        @event = :file_changed
        defaultto { self.retrieve_default_context(:selrole) }
    end

    Puppet.type(:file).newproperty(:seltype, :parent => Puppet::SELFileContext) do
-        desc "What the SELinux Type context of the file should be."
+        desc "What the SELinux type component of the context of the file should be.
+            Any valid SELinux type component is accepted.  For example ``tmp_t``.
+            If not specified it defaults to the value returned by matchpathcon for
+            the file, if any exists.  Only valid on systems with SELinux support
+            enabled."

        @event = :file_changed
        defaultto { self.retrieve_default_context(:seltype) }
    end

    Puppet.type(:file).newproperty(:selrange, :parent => Puppet::SELFileContext) do
-        desc "What the SELinux Range context of the file should be."
+        desc "What the SELinux range component of the context of the file should be.
+            Any valid SELinux range component is accepted.  For example ``s0`` or
+            ``SystemHigh``.  If not specified it defaults to the value returned by
+            matchpathcon for the file, if any exists.  Only valid on systems with
+            SELinux support enabled and that have support for MCS (Multi-Category
+            Security)."

        @event = :file_changed
        defaultto { self.retrieve_default_context(:selrange) }
--- a/lib/puppet/type/selboolean.rb
+++ b/lib/puppet/type/selboolean.rb
@ -4,7 +4,8 @@

 module Puppet
    newtype(:selboolean) do
-        @doc = "Enable or disable SELinux booleans."
+        @doc = "Manages SELinux booleans on systems with SELinux support.  The supported booleans
+            are any of the ones found in /selinux/booleans/."

        newparam(:name) do
            desc "The name of the SELinux boolean to be managed."
@ -12,13 +13,14 @@ module Puppet
        end

        newproperty(:value) do
-            desc "Whether the the SELinux boolean should be enabled or disabled.  Possible values are ``on`` or ``off``."
+            desc "Whether the the SELinux boolean should be enabled or disabled."
            newvalue(:on)
            newvalue(:off)
        end

        newparam(:persistent) do
-            desc "If set true, SELinux booleans will be written to disk and persist accross reboots."
+            desc "If set true, SELinux booleans will be written to disk and persist accross reboots.
+                The default is ``false``."

            defaultto :false
            newvalues(:true, :false)
--- a/lib/puppet/type/selmodule.rb
+++ b/lib/puppet/type/selmodule.rb
@ -3,36 +3,40 @@
 #

 Puppet::Type.newtype(:selmodule) do
-    @doc = "Enable or disable SELinux policy modules."
+    @doc = "Manages loading and unloading of SELinux policy modules
+        on the system.  Requires SELinux support.  See man semodule(8)
+        for more information on SELinux policy modules."

    ensurable

    newparam(:name) do
-        desc "The name of the SELinux policy to be managed."
+        desc "The name of the SELinux policy to be managed.  You should not
+            include the customary trailing .pp extension."
        isnamevar
    end

    newparam(:selmoduledir) do

        desc "The directory to look for the compiled pp module file in.
-        Currently defaults to /usr/share/selinux/targeted"
+            Currently defaults to /usr/share/selinux/targeted.  If selmodulepath
+            is not specified the module will be looked for in this directory in a
+            in a file called NAME.pp, where NAME is the value of the name parameter."

        defaultto "/usr/share/selinux/targeted"
    end

    newparam(:selmodulepath) do

-        desc "The full path in which to look for the compiled pp
-        module file in.  You only need to use this if the module file
-        is not in the directory pointed at by selmoduledir."
+        desc "The full path to the compiled .pp policy module.  You only need to use
+            this if the module file is not in the directory pointed at by selmoduledir."

    end

    newproperty(:syncversion) do

-        desc "If set to 'true', the policy will be reloaded if the
+        desc "If set to ``true``, the policy will be reloaded if the
        version found in the on-disk file differs from the loaded
-        version.  If set to 'false' (the default) the the only check
+        version.  If set to ``false`` (the default) the the only check
        that will be made is if the policy is loaded at all or not."

        newvalue(:true)