You might want to set up an alias mv mv -Z
This changes the way mv works to set the context after mv rather than
maintaining the source context.
Thanks! That's probably a good suggestion. However I did try doing a
restorecon -R -v on the entire puppet directory. No luck in resolving that
I have no idea of the current dependency problem. I think your original
problem was caused by mv'ing files from an nfs share to /etc which
maintained the context. And SELinux prevented puppet from accessing
nfs_t type. If you had just run restorecon on the object it would have
set it back to
Hi all,
Thanks for all your suggestions. Here's where I'm at with this.
Can you give details about your puppetmasterd setup? it seems that
you're using Foreman as puppet ENC.
Yes, I'm on foreman 1.7.4 and puppet 3.75. You are correct that I'm using
foreman, sorry I hadn't thought to mention
Hey guys,
Quick update. I grepped through the output of getsebool -a to see that
related to puppet. And I found this setting: puppetagent_manage_all_files.
So I tried running this command: setsebool -P puppetagent_manage_all_files
0
And did a restorecon on my modules directory: restorecon -R
In my audit logs I found this entry:
type=AVC msg=audit(1434769414.956:562): avc: denied { open } for
pid=3558 comm=ruby
path=/etc/puppet/environments/production/modules/bacula/files/monitor1/monitor1.mydomain.com.crt
dev=vda1 ino=1842005 scontext=system_u:system_r:passenger_t:s0
On 20/06/15 05:25, Tim Dunphy wrote:
Hey folks,
Ok so I'm having another issue with SELinux. However I think I'm
pretty close to a solution and just need a nudge in the right
direction.
I wrote a puppet module that gets systems into bacula
Hey folks,
Ok so I'm having another issue with SELinux. However I think I'm pretty
close to a solution and just need a nudge in the right direction.
I wrote a puppet module that gets systems into bacula backups. Part of the
formula is to distribute key/cert pairs with permissions that allow