Change request: SELinux tweaks.

Todd Zullinger tmz at pobox.com
Mon Dec 1 17:17:29 UTC 2008


Mike McGrath wrote:
> On Mon, 1 Dec 2008, Luke Macken wrote:
>> Yes, it's a nasty hack, but it works for now until puppet can
>> handle this stuff better (the latest version may actually be able
>> to, I'm not quite sure)

I don't know that puppet-0.24.6 handles that.  It can set and restore
labels to files and dirs, but I don't recall seeing that it does
"semanage fcontext" tasks.  I could easily be wrong though.

> Side note about the new puppet version, I was going to do that this
> week but I'll be in Phoenix starting on Thursday until Monday (maybe
> later depending on how things go).  I don't want to change puppet
> and have it do horrible things while I'm actually on site.

One thing to watch out for is performance.  The selinux stuff in
0.24.6 adds a fairly large hit, as it shells out to stat and
matchpathcon for every file it touches (ouch!).  This is rewritten to
use the ruby selinux bindings in 0.24.7 (supposedly due in the next
week or two).  It also means that selinux support will only be
available where the ruby selinux bindings are -- essentially, that's
recent Fedora and not RHEL at the moment.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I personally think we developed language because of our deep need to
complain.
    -- Lily Tomlin
