selinux::fcontext support for refreshonly

[earsdown]

Currently the module's selinux::fcontext define type executes a restorecon on every puppet run, which generates notices. Could we do something like this:

diff --git a/manifests/fcontext.pp b/manifests/fcontext.pp
index c4173d7..4e1c4dc 100644
--- a/manifests/fcontext.pp
+++ b/manifests/fcontext.pp
@@ -8,6 +8,7 @@
 # - *$ensure*: present/absent
 # - *$recursive*: apply to all subdirectories
 # - *$setype*: security context name
+# - *$refreshonly*: if set to true, only executes restorecon if something changed
 #
 # Example usage:
 #
@@ -26,6 +27,7 @@ define selinux::fcontext(
   $setype,
   $ensure    = 'present',
   $recursive = true,
+  $refreshonly = true,
 ) {

   $path = $name
@@ -50,11 +52,11 @@ define selinux::fcontext(
     path    => '/usr/bin:/usr/sbin:/bin:/sbin',
     command => "semanage fcontext -a -t ${setype} \"${path}${path_glob}\"",
     unless  => "semanage fcontext --list | ( ${grep} '${re}' >/dev/null)"
-  }
-
+  } ~>
   exec { "restorecon -R ${path}":
     path    => '/usr/bin:/usr/sbin:/bin:/sbin',
-    command => "restorecon -R ${path}"
+    command => "restorecon -R ${path}",
+    refreshonly => $refreshonly,
   }

 }

[mremy]

Thank you. Can you provide a PR please ?

[mremy]

Resolved by PR25