From cf8c73a7d3e4da8f79ea7071f3724e4deb1529c2 Mon Sep 17 00:00:00 2001
From: Antonio Terceiro <terceiro@softwarelivre.org>
Date: Thu, 2 Apr 2015 14:34:49 -0300
Subject: [PATCH] Add SELinux

---
 cookbooks/basics/files/default/selinux_config |  4 ++++
 cookbooks/basics/recipes/default.rb           | 11 +++++++++++
 2 files changed, 15 insertions(+), 0 deletions(-)
 create mode 100644 cookbooks/basics/files/default/selinux_config

diff --git a/cookbooks/basics/files/default/selinux_config b/cookbooks/basics/files/default/selinux_config
new file mode 100644
index 0000000..631f939
--- /dev/null
+++ b/cookbooks/basics/files/default/selinux_config
@@ -0,0 +1,4 @@
+# MANAGED WITH CHEF. DO NOT CHANGE BY HAND
+
+SELINUX=enforcing
+SELINUXTYPE=targeted
diff --git a/cookbooks/basics/recipes/default.rb b/cookbooks/basics/recipes/default.rb
index c9c2d2c..e4748ed 100644
--- a/cookbooks/basics/recipes/default.rb
+++ b/cookbooks/basics/recipes/default.rb
@@ -1,6 +1,17 @@
 # enable EPEL repository by default
 package 'epel-release'
 
+# replicate production security setup
+package 'selinux-policy'
+package 'policycoreutils-python'
+cookbook_file '/etc/selinux/config' do
+  source  'selinux_config'
+  owner   'root'
+  group   'root'
+  mode    0644
+end
+execute 'setenforce Enforcing'
+
 package 'vim'
 package 'bash-completion'
 package 'rsyslog'
--
libgit2 0.21.2