Issue #11531 has been reported by John Florian.
----------------------------------------
Bug #11531: selinux fact can be wrong when livecd-tools is used
https://projects.puppetlabs.com/issues/11531
Author: John Florian
Status: Unreviewed
Priority: Normal
Assignee:
Category:
Target version:
Keywords: selinux livecd-tools livecd-creator python-imgcreate
Branch:
Affected Facter version: 1.6.2
My workstation has SEL enabled in Enforcing mode. I use puppet to manage
cachefilesd where I have the following:
<pre>
file { "/etc/cachefilesd.conf":
    group   => "root",
    mode    => "0640",
    owner   => "root",
    require => Package["cachefilesd"],
    source  => $selinux ? {
        "false" => "puppet:///modules/cachefilesd/cachefilesd.conf-sel-disabled",
        default => "puppet:///modules/cachefilesd/cachefilesd.conf",
    },
}
</pre>
I've noticed recently that puppet cannot make its mind up on which source to
use for this file; it alternates between them. After some review of the
selinux fact (/usr/lib/ruby/site_ruby/1.8/facter/selinux.rb), I believe I've
found the problem. This fact looks for 'selinuxfs' in the content to learn the
mount point for further interrogation. However, if livecd-tools'
livecd-creator is being run simultaneously with facter, the following can
happen:
<pre>
# grep selinuxfs /proc/self/mountinfo
25 18 0:13 / /sys/fs/selinux rw,relatime - selinuxfs selinuxfs rw
61 57 0:13 / /var/tmp/imgcreate-R2wmE6/install_root/sys/fs/selinux rw,relatime shared:16 - selinuxfs selinuxfs rw
# getenforce
Enforcing
# facter selinux
false
</pre>
As you can see, an unrelated entry matches and the fact gets misled which
results in the wrong value being yielded.
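
Added example, not part of the original report and not Facter's own code: a Ruby sketch that parses mountinfo by field and only accepts a selinuxfs entry mounted at one of the host's usual locations, so an image-build chroot mount cannot be picked. The helper names, the "last match wins" naive variant, and the CANONICAL_MOUNTS list are assumptions made for illustration; the sysfs sample line is constructed.

```ruby
# Sample input: the two selinuxfs lines are from the report above,
# the sysfs line is constructed to show that other filesystems are skipped.
SAMPLE_MOUNTINFO = <<~EOS
  18 1 0:17 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw
  25 18 0:13 / /sys/fs/selinux rw,relatime - selinuxfs selinuxfs rw
  61 57 0:13 / /var/tmp/imgcreate-R2wmE6/install_root/sys/fs/selinux rw,relatime shared:16 - selinuxfs selinuxfs rw
EOS

# Assumption: the host's selinuxfs lives at one of these well-known paths.
CANONICAL_MOUNTS = ['/sys/fs/selinux', '/selinux'].freeze

# Parse one mountinfo line. Layout: id, parent, major:minor, root,
# mount point, options, optional fields..., "-", fstype, source, super opts.
# Returns nil for blank or malformed lines.
def parse_mountinfo_line(line)
  pre, post = line.strip.split(' - ', 2)
  return nil if post.nil?
  fields = pre.split(' ')
  return nil if fields.size < 6
  { mount_point: fields[4], fstype: post.split(' ').first }
end

# All mount points whose filesystem type (not merely the line text) is selinuxfs.
def selinuxfs_mounts(text)
  text.each_line.map { |l| parse_mountinfo_line(l) }.compact
      .select { |m| m[:fstype] == 'selinuxfs' }
      .map { |m| m[:mount_point] }
end

# Hypothetical naive lookup: any line mentioning selinuxfs, last match wins.
# With the sample above it returns the livecd-creator chroot mount.
def naive_selinux_mount(text)
  line = text.each_line.grep(/selinuxfs/).last
  line && line.split(' ')[4]
end

# Stricter lookup: only accept a selinuxfs entry at a canonical host path.
# Returns nil when none is mounted there.
def host_selinux_mount(text)
  mounts = selinuxfs_mounts(text)
  CANONICAL_MOUNTS.find { |c| mounts.include?(c) }
end

if __FILE__ == $PROGRAM_NAME
  puts "naive: #{naive_selinux_mount(SAMPLE_MOUNTINFO)}"
  puts "host:  #{host_selinux_mount(SAMPLE_MOUNTINFO)}"
end
```

On a live system, pass File.read('/proc/self/mountinfo') instead of the sample text.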