>
> Maybe it's just a knee-jerk reaction, but I'm having trouble with the idea
> that relying on data from the environment could possibly serve a valid
> system security objective. That's more usually considered a weakness, and
> environment-based exploits are legion.
>
> Do the contexts used need to be configurable in Puppet at all? Couldn't
> they be hard-coded, in which case it becomes a matter of system SELinux
> policy, rather than Puppet configuration, to grant appropriate access to
> the contexts in which the various subcommands run?
>
Valid concern, but the application is already constrained by the policy itself. Even if you modify the domain via configuration, SELinux policy must allow that kind of transition. The configuration is solely for Linux distributors and it is not expected to be modified by end users.

> What if there were a command-line option that controlled whether Puppet
> would attempt to perform a context switch, with a default value
> configurable at build time? A default build might default to not
> switching, yet still have the option for the user to request a switch,
> whereas, say, the RPM build would default to switching (but have the option
> to suppress a switch).
>

I am with you on build-time configuration; that was in my initial proposal.

-- 
You received this message because you are subscribed to the Google Groups "Puppet Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-dev/CAE6MHmxMY3cPEEC6AG56wg6ymNWfPCHCtHD%3Dt-Du6Aa23_q6QQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
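The point made in the reply (a configured context only takes effect if SELinux policy already permits the transition) can be verified before a subcommand is ever launched. The Ruby below is an added example written for this page; it is neither Puppet's code nor the proposal's implementation. It parses a constructed set of allow rules in the style of `sesearch -A` output, checks the four permissions a requested domain transition needs (`setexec` on the calling domain, `execute` on the binary's type, `transition` into the target domain, and `entrypoint` for the target domain on the binary's type), and only then builds a `runcon` command line. All type names (`puppet_t`, `puppet_exec_t`, `system_cronjob_t`) and the rule set are assumptions for illustration.

```ruby
# Added example (not Puppet code): model the SELinux checks a domain
# transition needs before honouring a context taken from configuration.
#
# The rules below are a constructed sample in sesearch-style syntax.
# On a real host you would obtain them with, for example:
#   sesearch -A -s puppet_t -c process -p transition
# Source domain, executable type and target domain names are assumptions.
SAMPLE_RULES = <<~RULES
  allow puppet_t puppet_t:process setexec;
  allow puppet_t puppet_exec_t:file { execute };
  allow puppet_t system_cronjob_t:process transition;
  allow system_cronjob_t puppet_exec_t:file entrypoint;
  allow puppet_t bin_t:file { execute read };
RULES

Rule = Struct.new(:source, :target, :klass, :perms)

# Parse "allow src tgt:class { p1 p2 };" and "allow src tgt:class p;" lines.
# Lines that do not look like allow rules are skipped.
def parse_allow_rules(text)
  text.each_line.filter_map do |line|
    m = line.match(/\Aallow\s+(\S+)\s+(\S+):(\S+)\s+(?:\{\s*([^}]*)\}|(\S+?));/)
    next unless m
    perms = (m[4] || m[5]).split
    Rule.new(m[1], m[2], m[3], perms)
  end
end

# True when some rule grants `perm` on `klass` from `source` to `target`.
def allows?(rules, source, target, klass, perm)
  rules.any? do |r|
    r.source == source && r.target == target && r.klass == klass && r.perms.include?(perm)
  end
end

# An explicitly requested transition from `source` into `target_domain`
# through a binary labelled `exec_type` needs all four of these permissions.
# Returns a human-readable list of the ones the policy does not grant.
def missing_transition_perms(rules, source, target_domain, exec_type)
  checks = {
    "#{source} -> #{source}:process setexec"            => [source, source, "process", "setexec"],
    "#{source} -> #{exec_type}:file execute"            => [source, exec_type, "file", "execute"],
    "#{source} -> #{target_domain}:process transition"  => [source, target_domain, "process", "transition"],
    "#{target_domain} -> #{exec_type}:file entrypoint"  => [target_domain, exec_type, "file", "entrypoint"],
  }
  checks.reject { |_, args| allows?(rules, *args) }.keys
end

# Build the runcon(1) invocation only when policy permits the transition.
# Returns nil when it does not, so the caller fails closed instead of
# discovering the denial in the audit log after the subcommand already ran.
def build_runcon(rules, source, context, exec_type, argv)
  target_domain = context.split(":")[2]
  missing = missing_transition_perms(rules, source, target_domain, exec_type)
  return nil unless missing.empty?
  ["runcon", context, *argv]
end

if __FILE__ == $PROGRAM_NAME
  rules = parse_allow_rules(SAMPLE_RULES)
  ctx = "system_u:system_r:system_cronjob_t:s0"
  cmd = build_runcon(rules, "puppet_t", ctx, "puppet_exec_t", %w[puppet agent --onetime])
  puts cmd ? cmd.join(" ") : "transition into #{ctx} not permitted by policy"
  bad = "system_u:system_r:httpd_t:s0"
  puts "missing for #{bad}: #{missing_transition_perms(rules, 'puppet_t', 'httpd_t', 'puppet_exec_t').join(', ')}"
end
```

The kernel makes the final decision regardless of what this check says; its value is giving a readable reason at configuration time rather than a bare `avc: denied` later. A distributor shipping a context that the shipped policy does not permit would be caught by exactly these four lookups, whether the switch is made with `runcon` as here or by calling setexeccon from libselinux before the fork/exec, which requires the same rules.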