Boolaen value which allows the local profile to be managed without touching
the contents of the parent profile. This is desired because the parent
profile comes from an upstream package and we don't want to maintain a
separate fork of it's contents.
# Source path to the Apparmor profile. If unset (default), defaults to
# "${default_base}/${name}".
#
# Source path to the Apparmor profile. If unset (default), defaults to
# "${default_base}/${name}".
#
+# [*local_only*]
+# Boolean variable than can be true or false (default). If true, only the
+# contents of the local profile will be managed.
+#
# [*local_source*]
# Tri-state variable that can be true, false (default) or a source path to the
# local Apparmor profile. If true, uses "${default_base}/local/${name}" as the
# [*local_source*]
# Tri-state variable that can be true, false (default) or a source path to the
# local Apparmor profile. If true, uses "${default_base}/local/${name}" as the
define apparmor::profile (
$default_base = "puppet:///modules/apparmor/aa-profiles/${::lsbdistrelease}",
$source = undef,
define apparmor::profile (
$default_base = "puppet:///modules/apparmor/aa-profiles/${::lsbdistrelease}",
$source = undef,
$local_source = false,
$post_cmd = undef,
) {
$local_source = false,
$post_cmd = undef,
) {
include apparmor
$apparmor_d = $apparmor::apparmor_d
include apparmor
$apparmor_d = $apparmor::apparmor_d
+ if ($local_only == true) {
+ $real_source = undef
+ } elsif ($source) {
$real_source = $source
} else {
$real_source = "${default_base}/${name}"
$real_source = $source
} else {
$real_source = "${default_base}/${name}"
projects / puppet-apparmor.git / commitdiff