Hello, I filed a pull request with a draft code which is alighed with what Dominic proposed:
https://github.com/puppetlabs/puppet/pull/2997 It does not introduce any new global command line parameters because I think it's an overkill. There are three env. variables which can be used to tune this up, but I think this would be rare cases. LZ On Wednesday, August 27, 2014 9:00:49 PM UTC+2, Joshua Partlow wrote: > > Hi everyone, > > There is a PR for Puppet to address difficulties setting security contexts > in SELinux for specific puppet subcommands ( > https://github.com/puppetlabs/puppet/pull/2997). The contributer (Lukáš > Zapletal) originally was looking to add additional wrapper scripts around > subcommands so that a puppet_exec_t could be set for these files. There is > general concern about the confusion caused by reintroducing separate > commands, and Dominic Cleal suggested making use of Ruby's SELinux bindings > (specifically Puppet::Util::SELinux.setcon in Puppet) to instead handle the > context switch internally. > > Talking this over during the triage today, this seems like a reasonable > approach, but we're lacking SELinux experience, and were wondering if there > were additional Puppet/SELinux users out there who might weigh in on this? > > thanks, > Josh > > -- > Josh Partlow > jpar...@puppetlabs.com <javascript:> > Developer, Puppet Labs > > Join us at PuppetConf 2014, September 20-24 in San Francisco > Register by September 8th to take advantage of the Final Countdown —save > $149! > -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-dev/10777275-769c-4f45-a217-512ecc3ec7b2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.