On 28/08/14 20:39, Lukáš Zapletal wrote: > An addendum: if a user installs Puppet from a gem or source (for > instance) onto an OS release that doesn't have a working policy for > that > version of Puppet, they will probably want to disable the context > switch. Config of this sort, or a command line argument might work? > > > This is contradictory to your context switch before reading config > suggestion.
Indeed, to an extent. I was thinking of something more hard coded for SELinux contexts, while ensuring a context switch before "puppet ... --config [path]" allowed reading of arbitrary files > I think when using a gem install, no SELinux transition should be ever > commited. It is not expected to have SELinux protection for gems. So by > default this would be turned off and distributions would turn this on. > > As you suggest, if this (and the domains to transition into) are in a > separate "support" file, this would make distribution patching piece of > cake. This would require three "echo" commands in a SPEC file (turn on, > domain for puppet master, domain for puppet ca). Yeah, that makes sense I think. -- Dominic Cleal Red Hat Engineering -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-dev/54002E84.1020203%40redhat.com. For more options, visit https://groups.google.com/d/optout.
