On Thursday, March 26, 2015 at 2:25:38 PM UTC-5, Melissa Stone wrote:
The current pull request uses the following environment variables:
- NO_PUPPET_SELINUX_DTRANS
- PUPPET_SELINUX_MASTER_DOMAIN
- PUPPET_SELINUX_CA_DOMAIN
Maybe it's just a knee-jerk reaction, but I'm having
Just out of curiosity, are you going to double wrap this in a Java Security
Policy for those systems that don't have SELinux?
Thanks,
Trevor
On Fri, Mar 27, 2015 at 5:49 AM, Dominic Cleal dclea...@redhat.com wrote:
On 26/03/15 19:25, Melissa Stone wrote:
Hi all,
I just wanted to point
On 26/03/15 19:25, Melissa Stone wrote:
Hi all,
I just wanted to point out that Adrien brought up some interesting
comments in the ticket for this discussion. So that response gets more
exposure, I wanted to post it here:
From Adrien Thebo:
I've reviewed PR 3627 and the puppet-dev
Just out of curiosity, are you going to double wrap this in a Java
Security Policy for those systems that don't have SELinux?
IFAIK JSP and SELinux are two different technologies with different goals.
JSP can't protect you from security bugs in JVM and the granulality is much
lower than
[snip]
Environment variables vs configuration via a file
Dominic Cleal indicated that we should change the SELinux context before
we read any configuration files, which makes us need an alternate method
of configuring SELinux, which the reason of running unconfined for as
Hi all,
I just wanted to point out that Adrien brought up some interesting comments
in the ticket for this discussion. So that response gets more exposure, I
wanted to post it here:
From Adrien Thebo:
I've reviewed PR 3627 and the puppet-dev mailing list thread, and I think
that this issue
Hello,
I filed a pull request with a draft code which is alighed with what Dominic
proposed:
https://github.com/puppetlabs/puppet/pull/2997
It does not introduce any new global command line parameters because I
think it's an overkill. There are three env. variables which can be used to
tune