On 28/08/14 10:01, Dominic Cleal wrote:
> 2. names of SELinux domains are most likely governed by the distribution
> rather than the Puppet project, as at least in Fedora and EL, an SELinux
> policy for Puppet is shipped as part of the base targeted policy and not
> as part of Puppet.
>
> This means that Puppet should probably ship with a sane suggestion of
> SELinux domains to transition to (e.g. the master application runs in
> the puppetmaster_t domain), but packagers may want to be able to
> override it relatively easily - perhaps this is a patch, but perhaps
> something more like a config file containing a lookup table would be
> easier to maintain.

An addendum: if a user installs Puppet from a gem or source (for instance) onto an OS release that doesn't have a working policy for that version of Puppet, they will probably want to disable the context switch. Config of this sort, or a command line argument might work?

--
Dominic Cleal
Red Hat Engineering