Issue #8714 has been updated by Sean Millichamp. Status changed from Needs More Information to In Topic Branch Pending Review Branch set to https://github.com/puppetlabs/puppet/pull/563
I believe I have found and fixed the problem. The Puppet SELinux code used a non-symlink safe bit of code in one section. After reviewing that section I believe the code to be unnecessary (and, in this case harmful) and was likely the result of my failing to fully understand how Puppet did things with the file resource when I originally implemented it. My pull request is https://github.com/puppetlabs/puppet/pull/563 PLEASE test this. It seems to solve the problem for me, but I'd like to make it that it does for others too (and also doesn't cause new/additional issues). Thanks! ---------------------------------------- Bug #8714: Changing SELinux contexts on symlinks requires the '-h' parameter in chcon https://projects.puppetlabs.com/issues/8714#change-56199 Author: Ioannis Aslanidis Status: In Topic Branch Pending Review Priority: Normal Assignee: Sean Millichamp Category: SELinux Target version: Affected Puppet version: 2.6.13 Keywords: Branch: https://github.com/puppetlabs/puppet/pull/563 There is a problem when trying to chance SELinux contexts through puppet. Looks like puppet does not call **chcon** with the **-h** parameter. # ls -ald /home/file/test lrwxrwxrwx 1 root root 20 Aug 1 12:23 /home/file/test -> /mnt/file/test # chcon -v -t user_home_t test failed to change context of test to system_u:object_r:user_home_t chcon: failed to change context of test to system_u:object_r:user_home_t: Operation not supported # chcon -v -h -t user_home_t test context of /home/file/test changed to system_u:object_r:user_home_t This results in puppet trying to change the SELinux contexts on every run without success and without knowing that it actually failed. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
