Issue #10084 has been updated by Sean Millichamp.
In general, even when debugging an SELinux problem, they are probably not typically useful. I used them when I was developing the support way back when and have grumbled about them filling my debug output since. However, I have stopped short of submitting a patch to remove them because, to Mike's point, they do fully explain what is going on - even if it is a lot of noise 99% of the time. I could be persuaded either way on this. Perhaps an acceptable compromise would be to enhance the file type documentation slightly to say something along the lines of "if you need to determine what default value Puppet will be using for a given resource, you should run 'matchpathcon <full path>'" and then remove the debug statements. ---------------------------------------- Bug #10084: Debug output includes way too much selinux details. https://projects.puppetlabs.com/issues/10084 Author: Jo Rhett Status: Needs Decision Priority: Normal Assignee: Sean Millichamp Category: Target version: 2.7.x Affected Puppet version: 2.6.11 Keywords: Branch: When I run "puppet agent --debug" I get about 1400 lines of selinux details, and about 120 lines of actual debug. These aren't actually changes to selinux attributes, just noting the selinux attribute of every file opened. debug: /File[/etc/puppet/auth.conf]/seluser: Found seluser default 'system_u' for /etc/puppet/auth.conf debug: /File[/etc/puppet/auth.conf]/selrole: Found selrole default 'object_r' for /etc/puppet/auth.conf debug: /File[/etc/puppet/auth.conf]/seltype: Found seltype default 'etc_t' for /etc/puppet/auth.conf debug: /File[/etc/snmp/snmpd.conf]/seluser: Found seluser default 'system_u' for /etc/snmp/snmpd.conf debug: /File[/etc/snmp/snmpd.conf]/selrole: Found selrole default 'object_r' for /etc/snmp/snmpd.conf debug: /File[/etc/snmp/snmpd.conf]/seltype: Found seltype default 'etc_t' for /etc/snmp/snmpd.conf debug: /File[/etc/nsswitch.conf]/seluser: Found seluser default 'system_u' for /etc/nsswitch.conf debug: /File[/etc/nsswitch.conf]/selrole: Found selrole default 'object_r' for /etc/nsswitch.conf debug: /File[/etc/nsswitch.conf]/seltype: Found seltype default 'etc_t' for /etc/nsswitch.conf I believe that this is unnecessary debug and makes it very difficult to track down other problems. Would Puppetlabs accept a feature request to move this selinux attribute echoing to higher or different debug level? -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
