Fedora 20 Puppet update and SELinux policy

Lukas Zapletal lzap at redhat.com
Tue Apr 22 12:46:33 UTC 2014


Hello,

we are rolling out an update of Puppet to 3.4.3 in Fedora 20 and Rawhide that
adds one important change. We have found that puppet master was running
unconfined, therefore the Puppet SELinux policy was not effective in Fedoras.

The puppet package update fixes one little issue (missing runtime
dependency) and corrects the startup wrappers for systemd, which puts Puppet
Master into the correct SELinux domain puppetmaster_t. Since this has
some security impact, we have decided to backport this change into
Fedora 20 too.

https://admin.fedoraproject.org/updates/puppet-3.4.3-3.fc20

Until now, puppet master was running unconfined (this is a regression).
The update might need relabelling of the system (/etc/puppet,
/var/lib/puppet) or checking out audit.log. Please help me with testing
this update:

    yum --enablerepo=updates-testing update selinux-policy puppet puppet-server

Thanks for your help.

--
Later,

 Lukas "lzap" Zapletal
 irc: lzap #theforeman
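
Added example, not part of the original message or of the Puppet package: two shell filters a tester could use after the update, one to confirm that puppet master processes run in puppetmaster_t and one to list what audit.log shows that domain being denied. The function names, the sample `ps` and AVC lines, and the assumption that the master's command line contains "puppet master" are constructed for illustration.

```shell
#!/bin/bash
# Added example: constructed sample data, not output from a real host.

# Reads `ps -eo label,pid,args` lines on stdin and prints "PID TYPE" for every
# puppet master process whose SELinux type is not puppetmaster_t.
# Assumes the command line contains "puppet master"; the [ ] keeps this awk
# process from matching its own arguments in a live ps listing.
masters_outside_domain() {
  awk '/puppet[ ]master/ {
    split($1, ctx, ":")
    if (ctx[3] != "puppetmaster_t") print $2, ctx[3]
  }'
}

# Reads audit.log lines on stdin and prints the unique "TARGET_TYPE NAME" pairs
# of AVC denials whose source domain is puppetmaster_t. Targets that still carry
# a generic type (etc_t, var_lib_t) are candidates for relabelling.
puppet_denials() {
  awk '/type=AVC/ && /denied/ && /scontext=[^ ]*:puppetmaster_t:/ {
    name = "-"; ttype = "-"
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^name=/)     { name = $i; gsub(/^name=|"/, "", name) }
      if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
    }
    print ttype, name
  }' | LC_ALL=C sort -u
}

# Constructed samples: one master outside the domain, one inside, one bystander.
SAMPLE_PS='system_u:system_r:initrc_t:s0 1201 /usr/bin/ruby /usr/bin/puppet master --no-daemonize
system_u:system_r:puppetmaster_t:s0 1422 /usr/bin/ruby /usr/bin/puppet master --no-daemonize
system_u:system_r:sshd_t:s0-s0:c0.c1023 870 /usr/sbin/sshd -D'
SAMPLE_AUDIT='type=AVC msg=audit(1398170793.101:311): avc:  denied  { read } for  pid=1422 comm="puppet" name="puppet.conf" dev="dm-1" ino=2101 scontext=system_u:system_r:puppetmaster_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1398170794.220:312): avc:  denied  { write } for  pid=1422 comm="puppet" name="ssl" dev="dm-1" ino=2207 scontext=system_u:system_r:puppetmaster_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=AVC msg=audit(1398170795.003:313): avc:  denied  { read } for  pid=870 comm="sshd" name="shadow" dev="dm-1" ino=99 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file'

echo "puppet master processes outside puppetmaster_t:"
printf '%s\n' "$SAMPLE_PS" | masters_outside_domain
echo "denied targets for puppetmaster_t:"
printf '%s\n' "$SAMPLE_AUDIT" | puppet_denials

# On a live host:
#   ps -eo label,pid,args | masters_outside_domain
#   puppet_denials < /var/log/audit/audit.log
#   restorecon -Rv /etc/puppet /var/lib/puppet   # relabel, then re-check
```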

