From 2317fc2db305667841484545288f243ae46bf578 Mon Sep 17 00:00:00 2001
From: Michael Geiger <michael.geiger@telekom.de>
Date: Fri, 4 Oct 2019 14:58:14 +0200
Subject: [PATCH] CentOS 8 support (#229)

* +CentOS 8
* Ignore SELinux on minimize access (for CentOS 8)

Signed-off-by: Michael Geiger <michael.geiger@telekom.de>
---
 .travis.yml                  |  2 ++
 kitchen.do.yml               |  6 ++++++
 kitchen.yml                  |  5 ++++-
 manifests/minimize_access.pp | 11 ++++++-----
 metadata.json                |  3 ++-
 5 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index b557362..a90a4d8 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -39,6 +39,8 @@ jobs:
       env: INSTANCE=centos-7-puppet5 CHECK=kitchen
     - name: "Integration test (CentOS 7 / Puppet 6)"
       env: INSTANCE=centos-7-puppet6 CHECK=kitchen
+    - name: "Integration test (CentOS 8 / Puppet 6)"
+      env: INSTANCE=centos-8-puppet6 CHECK=kitchen
     - name: "Integration test (Debian 8 / Puppet 5)"
       env: INSTANCE=debian-8-puppet5 CHECK=kitchen
     - name: "Integration test (Debian 9 / Puppet 5)"
diff --git a/kitchen.do.yml b/kitchen.do.yml
index f9119a8..230930c 100644
--- a/kitchen.do.yml
+++ b/kitchen.do.yml
@@ -31,6 +31,12 @@ platforms:
     provisioner:
       puppet_yum_repo: https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
       puppet_yum_collections_repo: http://yum.puppetlabs.com/puppet6/puppet6-release-el-7.noarch.rpm
+  - name: centos-8-puppet6
+    driver_config:
+      image: centos-8-x64
+    provisioner:
+      puppet_yum_repo: https://yum.puppetlabs.com/puppetlabs-release-el-8.noarch.rpm
+      puppet_yum_collections_repo: http://yum.puppetlabs.com/puppet6/puppet6-release-el-8.noarch.rpm
   - name: debian-8-puppet5
     driver_config:
       image: debian-8-x64
diff --git a/kitchen.yml b/kitchen.yml
index 7397249..1a2883f 100644
--- a/kitchen.yml
+++ b/kitchen.yml
@@ -5,7 +5,6 @@ driver:
   name: docker
   privileged: true
   require_chef_omnibus: false
-  #socket: tcp://10.182.149.94
   use_sudo: false
 
 provisioner:
@@ -29,6 +28,10 @@ platforms:
     provisioner:
       puppet_yum_repo: https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
       puppet_yum_collections_repo: http://yum.puppetlabs.com/puppet6/puppet6-release-el-7.noarch.rpm
+  - name: centos-8-puppet6
+    provisioner:
+      puppet_yum_repo: https://yum.puppetlabs.com/puppetlabs-release-el-8.noarch.rpm
+      puppet_yum_collections_repo: http://yum.puppetlabs.com/puppet6/puppet6-release-el-8.noarch.rpm
   - name: debian-8-puppet5
     provisioner:
       puppet_apt_repo: https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
diff --git a/manifests/minimize_access.pp b/manifests/minimize_access.pp
index 5e25019..3fc23dd 100644
--- a/manifests/minimize_access.pp
+++ b/manifests/minimize_access.pp
@@ -47,11 +47,12 @@
   # this prevents changing any system-wide command from normal users
   ensure_resources ('file',
   { $folders_to_restrict => {
-      ensure       => directory,
-      links        => follow,
-      mode         => 'go-w',
-      recurse      => true,
-      recurselimit => $recurselimit,
+      ensure                  => directory,
+      links                   => follow,
+      mode                    => 'go-w',
+      recurse                 => true,
+      recurselimit            => $recurselimit,
+      selinux_ignore_defaults => true,
     }
   })
 # Added users with homes
diff --git a/metadata.json b/metadata.json
index 3569bd3..47e8a8f 100644
--- a/metadata.json
+++ b/metadata.json
@@ -29,7 +29,8 @@
       "operatingsystem": "CentOS",
       "operatingsystemrelease": [
         "6",
-        "7"
+        "7",
+        "8"
       ]
     },
     {