Issue #19723 has been updated by Steven Post.
Hi,
We are experiencing the same issue using JBoss EAP 6.1.1 (based on AS 7.2), but
with selinux set to permissive.
The issue is not puppet, but JBoss.
To answer your question: yes, there is.
You can use the 'selinux_ignore_defaults' parameter on a 'file' resource in
puppet; this will cause puppet to not even try to correct the selinux context.
I haven't tested this in combination with other selinux parameters on the file
in puppet, but it does its job in my case at least.
Best regards,
Steven
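
The workaround described in the comment above, written out as a manifest. This is an added example, not code from the ticket or from Puppet: the file path, owner, group, mode and module source are assumptions, and only the `selinux_ignore_defaults` parameter, the `standalone.xml` file name and the `Service['JBoss']` title come from the thread.

```puppet
# Added example. Path, owner, group, mode and source are hypothetical values.
file { '/opt/jboss/standalone/configuration/standalone.xml':
  ensure                  => file,
  owner                   => 'jboss',
  group                   => 'jboss',
  mode                    => '0640',
  source                  => 'puppet:///modules/jboss/standalone.xml',

  # Default is false: Puppet looks up the policy default context for the
  # path and resets seluser/selrole/seltype/selrange to match it, which
  # counts as a change and fires the notify below.
  # With true, Puppet skips that lookup, so a file rewritten as unconfined_u
  # by a manually restarted JBoss is not relabelled and no restart follows.
  selinux_ignore_defaults => true,

  # A restart is still triggered when the managed content actually changes.
  notify                  => Service['JBoss'],
}

service { 'JBoss':
  ensure => running,
  enable => true,
}
```

With this set, Puppet no longer restores default labels on that file, so a wrong label there has to be caught some other way, for example by reviewing the output of `restorecon -n -v` on the path.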
----------------------------------------
Bug #19723: SELinux file{seluser} changing when not defined.
https://projects.puppetlabs.com/issues/19723#change-99682
* Author: Curtis Ruck
* Status: Needs Decision
* Priority: Normal
* Assignee:
* Category: SELinux
* Target version:
* Affected Puppet version: 3.1.0
* Keywords: selinux, JBoss
* Branch:
----------------------------------------
I have an issue with file{seluser}. When RHEL6 is in enforcing mode, and the
server starts (init 3) the services start with a context of
`system_u:system_r:initrc_t:s0`. When using the service command to restart
services, they start with `unconfined_u:unconfined_r:initrc_t`. My services
(JBoss 7.1.1.Final) rewrite their configuration file (`standalone.xml`) with
no changes "just because". I am managing the `standalone.xml` file via puppet,
with a `notify=>Service['JBoss']`. Ergo, when the server starts everything is
fine until the service is restarted manually or via puppet. If the services
are restarted, the process's context changes to the initiator's context
(`unconfined_u`), which then rewrites the `standalone.xml` file as
`unconfined_u`, then puppet changes the file to `system_u`, and restarts JBoss,
which then recreates the problem and puppet restarts JBoss.
Is there any way to make file optionally not change seluser if it is not defined?