Fedora 20 Puppet update and SELinux policy

John.Florian at dart.biz John.Florian at dart.biz
Tue Apr 22 17:37:11 UTC 2014


> From: lzap at redhat.com
> To: <devel at lists.fedoraproject.org>
> Date: 04/22/2014 08:47
> 
> Hello,
> 
> we are rolling out update of Puppet to 3.4.3 in Fedora 20 and Rawhide 
that
> adds one important change. We have found that puppet master was running
> unconfined, therefore the Puppet SELinux policy was not effective in 
Fedoras.
> 
> The puppet package update fixes one little issue (missing runtime
> dependency) and corrects startup wrappers for systemd which puts Puppet
> Master into the correct SELinux domain puppetmaster_t. Since this has
> some security impact, we have decided to backport this change into
> Fedora 20 too.
> 
> https://admin.fedoraproject.org/updates/puppet-3.4.3-3.fc20
> 
> Until now, puppet master was running unconfined (this is a regression),
> the update might need relabelling of the system (/etc/puppet,
> /var/lib/puppet) or checking out audit.log. Please help me with testing
> this update:
> 
>     yum --enablerepo=updates-testing update selinux-policy puppet 
> puppet-server
> 
> Thanks for help.
> 
> --
> Later,
> 
>  Lukas "lzap" Zapletal
>  irc: lzap #theforeman
> -- 
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct


Okay, count me in.  Is there a BZ already in place for reporting issues or 
should such reports just go straight to Bodhi, or simply back here?

--
John Florian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140422/963e6e9e/attachment.html>


More information about the devel mailing list