Re: [Puppet-dev] Re: SELinux and Puppet Subcommands

2015-03-30 Thread Lukas Zapletal
> > Maybe it's just a knee-jerk reaction, but I'm having trouble with the idea > that relying on data from the environment could possibly serve a valid > system security objective. That's more usually considered a weakness, and > environment-based exploits are legion. > > Do the contexts used need

Re: [Puppet-dev] Re: SELinux and Puppet Subcommands

2015-03-27 Thread Lukas Zapletal
s Puppet Master server (subject of SELinux confinement) and also spawns agent or helper sub-commands which are not subject of this. If there are subbinaries like in with (git -> git-commit or git-push) there is no need of patching Puppet binary at all. -- S pozdravem / Best regards Lukas Zaplet