Mike McGrath wrote:
On Mon, 1 Dec 2008, Luke Macken wrote:
> Yes, it's a nasty hack, but it works for now until puppet can
> handle this stuff better (the latest version may actually be able
> to, I'm not quite sure)
I don't know that puppet-0.24.6 handles that. It can set and restore
labels to files and dirs, but I don't recall seeing that it does
"semanage fcontext" tasks. I could easily be wrong though.

Side note about the new puppet version, I was going to do that this
week but I'll be in Phoenix starting on Thursday until Monday (maybe
later depending on how things go). I don't want to change puppet
and have it do horrible things while I'm actually on site.

One thing to watch out for is performance. The selinux stuff in
0.24.6 adds a fairly large hit, as it shells out to stat and
matchpathcon for every file it touches (ouch!). This is rewritten to
use the ruby selinux bindings in 0.24.7 (supposedly due in the next
week or two). It also means that selinux support will only be
available where the ruby selinux bindings are -- essentially, that's
recent Fedora and not RHEL at the moment.

Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
I personally think we developed language because of our deep need to
-- Lily Tomlin