On 28/08/14 10:01, Dominic Cleal wrote: > 2. names of SELinux domains are most likely governed by the distribution > rather than the Puppet project, as at least in Fedora and EL, an SELinux > policy for Puppet is shipped as part of the base targeted policy and not > as part of Puppet. > > This means that Puppet should probably ship with a sane suggestion of > SELinux domains to transition to (e.g. the master application runs in > the puppetmaster_t domain), but packagers may want to be able to > override it relatively easily - perhaps this is a patch, but perhaps > something more like a config file containing a lookup table would be > easier to maintain.
An addendum: if a user installs Puppet from a gem or source (for instance) onto an OS release that doesn't have a working policy for that version of Puppet, they will probably want to disable the context switch. Config of this sort, or a command line argument might work? -- Dominic Cleal Red Hat Engineering -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-dev/53FEF2A4.1080100%40redhat.com. For more options, visit https://groups.google.com/d/optout.
