Paul Nasrat wrote: > On 9 March 2011 14:00, Todd Zullinger <[email protected]> wrote: >> Paul Nasrat wrote: >>> You've also changed the rule to use Current mode not Mode from >>> config file, was this intentiional have you tested on rhel4, rhel5, >>> rhel6 and non-rhel selinux systems? >> It seems like a different bug that the current fact was grepping >> "Policy from config file:" from the sestatus output for selinux_mode. >> That's not the mode, it's the policy type. Using "Mode from config >> file:" would have been more accurate for selinux_mode. But IMO using >> "Current mode:" seems even better (assuming it falls back properly if >> older systems lack that in the sestatus output). >> >> Whether folks were using the selinux_mode fact to get what was really >> the selinux policy type and will be burned by this change is another >> matter, of course. > > Yeah - poorly defined fact purposes bite us again. I'd say for 1.5.x > we might want to maintain old behaviour to not break policy type > clients and breaking changes when we break the world in 2.0. > > Paul >
I've deliberately changed this because the original use of mode from policy is totally wrong IMHO. I've reached out to the original author for some feedback on why he chose that but I suspect if anyone is using it (and I doubt it) the change won't be substantive as you rarely have a mode in config that differs from the running mode - at least not for long. It's an easy change either way. James -- James Turnbull Puppet Labs 1-503-734-8571 -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
