Issue #1725 has been updated by seanmil. Status changed from Accepted to Closed
This will be addressed by the switch to native Ruby bindings for SELinux as discussed in #1702. ---------------------------------------- Bug #1725: Paths should be quoted when passed to syscalls http://projects.reductivelabs.com/issues/show/1725 Author: abnormaliti Status: Closed Priority: Low Assigned to: seanmil Category: file Target version: 0.24.7 Complexity: Trivial Affected version: 0.24.6 Keywords: After upgrading to 0.24.6 i notice alot of "sh:" errors. Investigations revealed this was due to the selinux implementation and specifically the "matchpathcon" calls. As it turns out the file names being generated by the shorewall module i am using are bad, which i will fix, but paths should be quoted to prevent the shell from interfering. <pre> debug: /File[/var/lib/puppet/modules/shorewall/policy.d/100-fw -> net]/seluser: Executing '/usr/sbin/matchpathcon /var/lib/puppet/modules/shorewall/policy.d/100-fw -> net' sh: net: Permission denied debug: /File[/var/lib/puppet/modules/shorewall/policy.d/100-fw -> net]/selrole: Executing '/usr/sbin/matchpathcon /var/lib/puppet/modules/shorewall/policy.d/100-fw -> net' sh: net: Permission denied debug: /File[/var/lib/puppet/modules/shorewall/policy.d/100-fw -> net]/seltype: Executing '/usr/sbin/matchpathcon /var/lib/puppet/modules/shorewall/policy.d/100-fw -> net' sh: net: Permission denied debug: /File[/var/lib/puppet/modules/shorewall/policy.d/100-fw -> net]/selrange: Executing '/usr/sbin/matchpathcon /var/lib/puppet/modules/shorewall/policy.d/100-fw -> net' sh: net: Permission denied debug: /File[/var/lib/puppet/modules/shorewall/rules.d/303-fw->loc->tcp_dns_dmz]/seluser: Executing '/usr/sbin/matchpathcon /var/lib/puppet/modules/shorewall/rules.d/303-fw->loc->tcp_dns_dmz' sh: loc-: Permission denied debug: /File[/var/lib/puppet/modules/shorewall/rules.d/303-fw->loc->tcp_dns_dmz]/selrole: Executing '/usr/sbin/matchpathcon /var/lib/puppet/modules/shorewall/rules.d/303-fw->loc->tcp_dns_dmz' sh: loc-: Permission denied debug: /File[/var/lib/puppet/modules/shorewall/rules.d/303-fw->loc->tcp_dns_dmz]/seltype: Executing '/usr/sbin/matchpathcon /var/lib/puppet/modules/shorewall/rules.d/303-fw->loc->tcp_dns_dmz' sh: loc-: Permission denied debug: /File[/var/lib/puppet/modules/shorewall/rules.d/303-fw->loc->tcp_dns_dmz]/selrange: Executing '/usr/sbin/matchpathcon /var/lib/puppet/modules/shorewall/rules.d/303-fw->loc->tcp_dns_dmz' sh: loc-: Permission denied </pre> ---------------------------------------- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://reductivelabs.com/redmine/my/account --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en -~----------~----~----~----~------~----~------~--~---
