Best way to copy local changes between hosts
Daniel J Walsh
dwalsh at redhat.com
Thu Sep 22 12:50:28 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/21/2011 05:47 PM, Erinn Looney-Triggs wrote:
> I am using puppet to manage my system configuration and I am
> looking for the best way to manage file context changes between
> multiple hosts.
>
> Basically I have some local changes that are held in
> /etc/selinux/targeted/modules/active/file_contexts.local, is it
> reasonable just to copy this file to hosts that need to be aware of
> the changes held therein or is there a better method?
>
> This would be implemented on RHEL 5 and 6 systems.
>
> Thanks, -Erinn
>
> -- selinux mailing list selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
/etc/selinux/targeted/modules/active/file_contexts.local
# This file is only used when policy is updated
and
/etc/selinux/targeted/contexts/files/file_contexts.local
# This file is actually the one used by restorecon and rpm ...
Should be kept in sync, and would work on RHEL5 and RHEL6,
You could also use the method Dominick described for distributing all
local canonizations.
You might want to write puppet script that would dump local
customizations and check it versus global customizations, and apply
the global if they differ, since semanage -i will take a long time to run.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk57LxQACgkQrlYvE4MpobNtdQCgzoik2f4hNo++/pxWRVuxWfrK
P9QAoL4Gtks4ZfqY7hApKCmL2C6HNqnH
=6FSf
-----END PGP SIGNATURE-----
More information about the selinux
mailing list