Issue #17488 has been updated by Lubomir Rintel. File selinux-debug.txt added Status changed from Needs More Information to Tests Insufficient Assignee changed from Lubomir Rintel to Jeff McCune
Hi Jeff, thank you for your response. It seems that Puppet SELinux support silently disables itself if Ruby SELinux bindings are not installed. If you're on Fedora or RHEL `yum -y install libselinux-ruby` will do the trick and you'll be able to reproduce the issue. I'm attaching the output of debugging runs as well. ---------------------------------------- Bug #17488: Puppet needlessly crashes when run unptivileged even with --noop https://projects.puppetlabs.com/issues/17488#change-76191 Author: Lubomir Rintel Status: Tests Insufficient Priority: Normal Assignee: Jeff McCune Category: user Target version: 2.7.x Affected Puppet version: 2.7.18 Keywords: Branch: https://github.com/puppetlabs/puppet/pull/1269 I'm mostly opening this to satisfy comments in [pull request 1022](https://github.com/puppetlabs/puppet/pull/1022) even though I believe the commit and pull comments were sufficiently descriptive. Will open a new pull request, since the old one was closed due to my unresponsiveness. Repeating them here: ### Problem scope I often run puppet --noop unprivileged to conduct a basic sanity check of the recipes (such as checking for duplicate definitions or syntax errors). These changesets fix unnecessary abort that cause puppet to stop way too early. ### First fix Capture access violations for selinux context of file resources and deal with them gracefully without aborting the run. A simple reproducer of the problem (abort), to be run unprivileged: <pre> puppet apply --execute "file { '/root/chuj': ensure => absent; }" </pre> ### Second fix Don't abort while checking managedhome on nonexistent user provider. The user resource itself should fail itself and this prevents falling back to that. Simple test case (unprivileged): <pre> before$ puppet apply --execute 'user { "kokot": managehome => true }' Parameter managehome failed: Validate method failed for class managehome: undefined method `manages_homedir?' for NilClass:Class </pre> <pre> after$ puppet apply --execute 'user { "kokot": managehome => true }' err: Could not find a suitable provider for user notice: Finished catalog run in 0.10 seconds </pre> ### Test suite Unfortunately I can not write tests for this; since I could not get Puppet test suite pass sufficiently well on my laptop and I have no idea how is it supposed to work, let alone testing for fixes for issues that exhibit different behaviour when run privileged. I would be very thankful if anyone could assist. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
