Issue #1852 has been updated by luke.

Priority changed from Normal to High


----------------------------------------
Bug #1852: unexpected behaviour with selinux file options when ruby bindings 
are missing
http://projects.reductivelabs.com/issues/show/1852

Author: mfournier
Status: Accepted
Priority: High
Assigned to: 
Category: file
Target version: 
Complexity: Unknown
Affected version: 0.24.7
Keywords: selinux ruby binding


It seems that if selinux ruby bindings are not available, the selinux
parameters to the file type appear to work anyway, but in fact do not. In
the following example we can see puppet trying to modify seluser and
selrole (which is not necessary in this case) and failing to modify
seltype, but without raising an error.

<pre>
[r...@kissrv20 ~]# ls -Z /tmp/test
-rw-rw-r--  root adm root:object_r:tmp_t              /tmp/test
[r...@kissrv20 ~]# puppet  /tmp/test.pp 
notice: //File[/tmp/test]/seluser: defined 'seluser' as 'root'
notice: //File[/tmp/test]/selrole: defined 'selrole' as 'object_r'
notice: //File[/tmp/test]/seltype: defined 'seltype' as 'mysql_etc_t'
[r...@kissrv20 ~]# ls -Z /tmp/test
-rw-rw-r--  root adm root:object_r:tmp_t              /tmp/test
</pre>

In short:
0.24.6, slow but works out of the box on any system with selinux.
0.24.7, works only if libselinux-ruby is installed (currently only
available on latest fedora), unexpected behaviour if not.

Maybe it would be an idea to fall back to using the slow method from 0.24.6
in case the ruby bindings aren't available?

Or else puppet should fail or warn the user that selinux parameters are not
supported without selinux bindings installed?
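
The mismatch shown in the transcript above can be detected after a run by comparing what Puppet logged with what `ls -Z` reports. This is an added example, not part of the original report and not Puppet code; the function and constant names are hypothetical, and the sample input is copied from the transcript.

```ruby
# Added example: compare the SELinux values Puppet says it set with the
# context that `ls -Z` reports after the run.
NOTICE_RE = %r{\Anotice: //File\[(?<path>[^\]]+)\]/(?<prop>seluser|selrole|seltype): defined '\w+' as '(?<value>[^']+)'}
CONTEXT_RE = /\A(?<seluser>[^:\s]+):(?<selrole>[^:\s]+):(?<seltype>[^:\s]+)(?::\S+)?\z/

# Both samples are copied from the transcript in the report.
PUPPET_OUTPUT = <<~LOG
  notice: //File[/tmp/test]/seluser: defined 'seluser' as 'root'
  notice: //File[/tmp/test]/selrole: defined 'selrole' as 'object_r'
  notice: //File[/tmp/test]/seltype: defined 'seltype' as 'mysql_etc_t'
LOG
LS_AFTER = "-rw-rw-r--  root adm root:object_r:tmp_t              /tmp/test\n"

# { path => { "seltype" => "mysql_etc_t", ... } } built from Puppet's notices.
def claimed_contexts(puppet_output)
  puppet_output.each_line.with_object(Hash.new { |h, k| h[k] = {} }) do |line, acc|
    m = NOTICE_RE.match(line.strip)
    acc[m[:path]][m[:prop]] = m[:value] if m
  end
end

# [path, { "seluser" => ..., "selrole" => ..., "seltype" => ... }] from one
# `ls -Z` line, or nil when no field looks like a security context.
def actual_context(ls_z_line)
  fields = ls_z_line.split
  m = fields.map { |f| CONTEXT_RE.match(f) }.compact.first
  m && [fields.last, m.named_captures]
end

# Properties Puppet logged as changed whose on-disk value still differs.
def silent_failures(puppet_output, ls_z_after)
  actual = ls_z_after.each_line.map { |l| actual_context(l) }.compact.to_h
  claimed_contexts(puppet_output).flat_map do |path, props|
    current = actual[path]
    next [] unless current
    props.reject { |prop, value| current[prop] == value }
         .map { |prop, value| { path: path, property: prop, claimed: value, actual: current[prop] } }
  end
end

if __FILE__ == $PROGRAM_NAME
  silent_failures(PUPPET_OUTPUT, LS_AFTER).each do |f|
    puts "#{f[:path]}: #{f[:property]} logged as '#{f[:claimed]}' but is '#{f[:actual]}'"
  end
end
```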



