Hi everyone, There is a PR for Puppet to address difficulties setting security contexts in SELinux for specific puppet subcommands ( https://github.com/puppetlabs/puppet/pull/2997). The contributer (Lukáš Zapletal) originally was looking to add additional wrapper scripts around subcommands so that a puppet_exec_t could be set for these files. There is general concern about the confusion caused by reintroducing separate commands, and Dominic Cleal suggested making use of Ruby's SELinux bindings (specifically Puppet::Util::SELinux.setcon in Puppet) to instead handle the context switch internally.
Talking this over during the triage today, this seems like a reasonable approach, but we're lacking SELinux experience, and were wondering if there were additional Puppet/SELinux users out there who might weigh in on this? thanks, Josh -- Josh Partlow jpart...@puppetlabs.com Developer, Puppet Labs Join us at PuppetConf 2014, September 20-24 in San Francisco Register by September 8th to take advantage of the Final Countdown —save $149! -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-dev/CADxAQ5raQGTdjiGKQp3VsSvZu9oX3N-yLmK-isviuiH8BVJPPQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
