In the last few days I've upgraded a couple test systems to RHEL 7.3,
and with that came a new version of policycoreutils (named 2.5-9.el7,
up from 2.2.5-20). I found where some time ago the 'semodule' command
was modified to remove the version information from the output, which
has an unintended side effect of breaking my puppet modules that
maintain local selinux modules and verify the version running is equal
to the one in the manifest. The comment in the checkin (e599a4)
states that CIL does not have a concept of versions, so it's being
removed.
My question is, what is a good way to determine that the module that
is installed and running matches the one in a specific .te file? I
could of course tell puppet to trigger a rebuild of the .pp file if
the .te has been modified, but it seems without rebuilding and/or
reinstalling every puppet run there's no good way to verify that the
version in memory is the one I've intended.
--
Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci
Princeton University | ICBM Address: 40.346344 -74.652242
345 Lewis Library |"On my ship, the Rocinante, wheeling through
Princeton, NJ 08544 | the galaxies; headed for the heart of Cygnus,
(267) 793-0852 | headlong into mystery." -Rush, 'Cygnus X-1'