On Mon, Mar 7, 2016 at 11:20 PM, Rob Crittenden <rcrit...@redhat.com> wrote:

> It may be preferable to label the /var/lib/puppet/ssl/* directories as
> certmonger_var_lib_t but I don't know what would do to puppet. You could
> trade one problem for another. A BZ against selinux might be warranted
> to see what they think.

Thanks for the detailed instructions!

I found the issue https://bugzilla.redhat.com/show_bug.cgi?id=1062470 where
certmonger was granted READ access to Puppet libs. I wonder why WRITE
access was not added?

Best regards,
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to