<tt><font size=2>> From: lzap@redhat.com</font></tt>
<br><tt><font size=2>> To: <devel@lists.fedoraproject.org></font></tt>
<br><tt><font size=2>> Date: 04/22/2014 08:47</font></tt>
<br><tt><font size=2>> <br>
> Hello,<br>
> <br>
> we are rolling out update of Puppet to 3.4.3 in Fedora 20 and Rawhide
that<br>
> adds one important change. We have found that puppet master was running<br>
> unconfined, therefore the Puppet SELinux policy was not effective
in Fedoras.<br>
> <br>
> The puppet package update fixes one little issue (missing runtime<br>
> dependency) and corrects startup wrappers for systemd which puts Puppet<br>
> Master into the correct SELinux domain puppetmaster_t. Since this
has<br>
> some security impact, we have decided to backport this change into<br>
> Fedora 20 too.<br>
> <br>
> </font></tt><a href="https://admin.fedoraproject.org/updates/puppet-3.4.3-3.fc20"><tt><font size=2>https://admin.fedoraproject.org/updates/puppet-3.4.3-3.fc20</font></tt></a><tt><font size=2><br>
> <br>
> Until now, puppet master was running unconfined (this is a regression),<br>
> the update might need relabelling of the system (/etc/puppet,<br>
> /var/lib/puppet) or checking out audit.log. Please help me with testing<br>
> this update:<br>
> <br>
> yum --enablerepo=updates-testing update selinux-policy
puppet <br>
> puppet-server<br>
> <br>
> Thanks for help.<br>
> <br>
> --<br>
> Later,<br>
> <br>
> Lukas "lzap" Zapletal<br>
> irc: lzap #theforeman<br>
> -- <br>
> devel mailing list<br>
> devel@lists.fedoraproject.org<br>
> </font></tt><a href=https://admin.fedoraproject.org/mailman/listinfo/devel><tt><font size=2>https://admin.fedoraproject.org/mailman/listinfo/devel</font></tt></a><tt><font size=2><br>
> Fedora Code of Conduct: </font></tt><a href="http://fedoraproject.org/code-of-conduct"><tt><font size=2>http://fedoraproject.org/code-of-conduct</font></tt></a>
<br>
<br>
<br><font size=2 face="sans-serif">Okay, count me in. Is there a
BZ already in place for reporting issues or should such reports just go
straight to Bodhi, or simply back here?</font>
<br><font size=2 face="sans-serif"><br>
--<br>
John Florian</font>
<br>