Issue #11531 has been updated by Ken Barber. Category set to library Status changed from Unreviewed to Accepted Target version set to 1.6.x
---------------------------------------- Bug #11531: selinux fact can be wrong when livecd-tools is used https://projects.puppetlabs.com/issues/11531 Author: John Florian Status: Accepted Priority: Normal Assignee: Category: library Target version: 1.6.x Keywords: selinux livecd-tools livecd-creator python-imgcreate Branch: Affected Facter version: 1.6.2 My workstation has SEL enabled in Enforcing mode. I use puppet to manage cachefilesd where I have the following: <pre> file { "/etc/cachefilesd.conf": group => "root", mode => "0640", owner => "root", require => Package["cachefilesd"], source => $selinux ? { "false" => "puppet:///modules/cachefilesd/cachefilesd.conf-sel-disabled", default => "puppet:///modules/cachefilesd/cachefilesd.conf", }, } </pre> I've noticed recently that puppet cannot make it's mind up on which source to use for this file; it alternates between them. After some review of the selinux fact (/usr/lib/ruby/site_ruby/1.8/facter/selinux.rb), I believe I've found the problem. This fact looks for 'selinuxfs' in the content to learn the mount point for further interrogation. However, if livecd-tools' livecd-creator is being run simultaneously with facter, the following can happen: <pre> # grep selinuxfs /proc/self/mountinfo 25 18 0:13 / /sys/fs/selinux rw,relatime - selinuxfs selinuxfs rw 61 57 0:13 / /var/tmp/imgcreate-R2wmE6/install_root/sys/fs/selinux rw,relatime shared:16 - selinuxfs selinuxfs rw # getenforce Enforcing # facter selinux false </pre> As you can see, an unrelated entry matches and the fact gets mislead which results in the wrong value being yielded. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
