On 22 August 2011 16:41, Erinn Looney-Triggs
<[email protected]> wrote:
> Just wondered if anyone else was running into issues with puppetmaster
> and SELinux:
>
> rpm -q puppet-server
> puppet-server-2.6.6-1.el6.noarch

Yep, I had to generate a local puppet module to get this puppet
package working on el6:

module puppetlocal 1.0;

require {
        type puppetmaster_t;
        type puppet_var_lib_t;
        type cobblerd_t;
        type httpd_sys_content_t;
        type node_t;
        type sysfs_t;
        type port_t;
        type cert_t;
        class dir { remove_name search };
        class udp_socket { name_bind node_bind };
        class file { create setattr };
}

#============= cobblerd_t ==============
#!!!! This avc is allowed in the current policy
allow cobblerd_t cert_t:dir search;
#!!!! This avc is allowed in the current policy
allow cobblerd_t httpd_sys_content_t:dir remove_name;
#!!!! This avc is allowed in the current policy
allow cobblerd_t httpd_sys_content_t:file { create setattr };
#!!!! This avc is allowed in the current policy
allow cobblerd_t puppet_var_lib_t:dir search;
#!!!! This avc is allowed in the current policy
allow cobblerd_t sysfs_t:dir search;

#============= puppetmaster_t ==============
allow puppetmaster_t node_t:udp_socket node_bind;
allow puppetmaster_t port_t:udp_socket name_bind;

_______________________________________________
epel-devel-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/epel-devel-list