On 28/08/14 20:39, Lukáš Zapletal wrote:
>     An addendum: if a user installs Puppet from a gem or source (for
>     instance) onto an OS release that doesn't have a working policy for
>     that
>     version of Puppet, they will probably want to disable the context
>     switch.  Config of this sort, or a command line argument might work?
> 
> 
> This is contradictory to your context switch before reading config
> suggestion.

Indeed, to an extent.  I was thinking of something more hard coded for
SELinux contexts, while ensuring a context switch before "puppet ...
--config [path]" allowed reading of arbitrary files

> I think when using a gem install, no SELinux transition should be ever
> commited. It is not expected to have SELinux protection for gems. So by
> default this would be turned off and distributions would turn this on.
> 
> As you suggest, if this (and the domains to transition into) are in a
> separate "support" file, this would make distribution patching piece of
> cake. This would require three "echo" commands in a SPEC file (turn on,
> domain for puppet master, domain for puppet ca).

Yeah, that makes sense I think.

-- 
Dominic Cleal
Red Hat Engineering

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-dev/54002E84.1020203%40redhat.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to