>
> Maybe it's just a knee-jerk reaction, but I'm having trouble with the idea
> that relying on data from the environment could possibly serve a valid
> system security objective. That's more usually considered a weakness, and
> environment-based exploits are legion.
>
> Do the contexts used need
s Puppet Master
server (subject of SELinux confinement) and also spawns agent or helper
sub-commands which are not subject of this. If there are subbinaries like
in with (git -> git-commit or git-push) there is no need of patching Puppet
binary at all.
--
S pozdravem / Best regards
Lukas Zaplet