Hi!

On Mon, Mar 7, 2016 at 11:20 PM, Rob Crittenden <rcrit...@redhat.com> wrote:

> It may be preferable to label the /var/lib/puppet/ssl/* directories as
> certmonger_var_lib_t but I don't know what would do to puppet. You could
> trade one problem for another. A BZ against selinux might be warranted
> to see what they think.
>

Thanks for the detailed instructions!

I found the issue https://bugzilla.redhat.com/show_bug.cgi?id=1062470 where
certmonger was granted READ access to Puppet libs. I wonder why WRITE
access was not added?

Best regards,
Thomas
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to