Jira (PUP-5649) "syncversion" maybe obsolete for selmodule type in Fedora >= 23
Title: Message Title Branan Riley updated an issue Puppet / PUP-5649 "syncversion" maybe obsolete for selmodule type in Fedora >= 23 Change By: Branan Riley Labels: SELinux linux redhat selinux triaged type_and_provider Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5649) "syncversion" maybe obsolete for selmodule type in Fedora >= 23
Title: Message Title Henrik Lindberg updated an issue Puppet / PUP-5649 "syncversion" maybe obsolete for selmodule type in Fedora >= 23 Change By: Henrik Lindberg Labels: SELinux triaged Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5649) "syncversion" maybe obsolete for selmodule type in Fedora >= 23
Title: Message Title
Jordan Conway commented on PUP-5649
Re: "syncversion" maybe obsolete for selmodule type in Fedora >= 23
I got hit with this on CentOS 7.3, here's the hacky workaround I put in my base profile that quiets things in the meantime. Similar could be used for Fedora >=23 but I don't have any Fedora machines.
if $::operatingsystemrelease >= '7.3' {
Selmodule <|tag == 'selinux::module::redhat'|> { syncversion => undef }
}
Add Comment
This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe)
--
You received this message because you are subscribed to the Google Groups "Puppet Bugs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-bugs@googlegroups.com.
Visit this group at
Jira (PUP-5649) "syncversion" maybe obsolete for selmodule type in Fedora >= 23
Title: Message Title Aaron Russo commented on PUP-5649 Re: "syncversion" maybe obsolete for selmodule type in Fedora >= 23 Looks like SELinux CIL has no concept of a version, so extracting a version may no longer be possible.[1][2] One solution I can think of is to treat selmodule resources similar to service resources – a service resource only starts a service if it's not started, but another resource can notify it to trigger a restart. Applying that to selmodule – if the module is installed, do nothing, but if another resource notifies it, reinstall the module. [1] https://github.com/SELinuxProject/selinux/commit/e599a4318409b317b023bda2381034f80f4b6df5 [2] http://marc.info/?l=selinux=124759244409438=2 Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5649) "syncversion" maybe obsolete for selmodule type in Fedora >= 23
Title: Message Title Eric Thompson updated an issue Puppet / PUP-5649 "syncversion" maybe obsolete for selmodule type in Fedora >= 23 Change By: Eric Thompson Team: Agent & Platform Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5649) "syncversion" maybe obsolete for selmodule type in Fedora >= 23
Title: Message Title Aaron Russo commented on PUP-5649 Re: "syncversion" maybe obsolete for selmodule type in Fedora >= 23 Seems Red Hat may have rebased onto selinux userspace 2.5 for RHEL 7.3, bringing this change along with it. A bug has been filed with Red Hat since this was an unexpected change: https://bugzilla.redhat.com/show_bug.cgi?id=1392573 Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5649) "syncversion" maybe obsolete for selmodule type in Fedora >= 23
Title: Message Title Kenn Hussey updated an issue Puppet / PUP-5649 "syncversion" maybe obsolete for selmodule type in Fedora >= 23 Change By: Kenn Hussey Sprint: Client Triage Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5649) "syncversion" maybe obsolete for selmodule type in Fedora >= 23
Title: Message Title David Kramer updated an issue Puppet / PUP-5649 "syncversion" maybe obsolete for selmodule type in Fedora >= 23 Change By: David Kramer Labels: SELinux Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5649) "syncversion" maybe obsolete for selmodule type in Fedora >= 23
Title: Message Title
Kylo Ginsberg updated an issue
Puppet / PUP-5649
"syncversion" maybe obsolete for selmodule type in Fedora >= 23
Change By:
Kylo Ginsberg
Under CentOS 7, semodule -l (which the selmodule provider uses to check the loaded module version) returns a version number, e.g. (from CentOS 7): {code} root@srv-cfgmgt ~ # semodule -labrt 1.4.1 accountsd 1.1.0 acct 1.6.0 afs 1.9.0 aiccu 1.1.0 aide 1.7.1 ajaxterm 1.0.0 alsa 1.12.2 {code} Under Fedora 23, the output looks like this (e.g. no version specified): {code} # semodule -l | head -10abrtaccountsdacctafsaiccuaideajaxtermalsaamandaamtu {code} This causes "syncversion" to *always* report true when set, and always result in an active resource.My policycoreutils level on F23 is policycoreutils-2.4-18.fc23.x86_64
Add Comment
This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9)
--
You received this message because you are subscribed to the Google Groups "Puppet Bugs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-bugs@googlegroups.com.
Visit this group at https://groups.google.com/group/puppet-bugs.
For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5649) "syncversion" maybe obsolete for selmodule type in Fedora >= 23
Title: Message Title Kylo Ginsberg updated an issue Puppet / PUP-5649 "syncversion" maybe obsolete for selmodule type in Fedora >= 23 Change By: Kylo Ginsberg Sprint: Client Triage Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5649) "syncversion" maybe obsolete for selmodule type in Fedora >= 23
Title: Message Title Kylo Ginsberg assigned an issue to Unassigned Puppet / PUP-5649 "syncversion" maybe obsolete for selmodule type in Fedora >= 23 Change By: Kylo Ginsberg Assignee: Kylo Ginsberg Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5649) "syncversion" maybe obsolete for selmodule type in Fedora >= 23
Title: Message Title Henrik Lindberg updated an issue Puppet / PUP-5649 "syncversion" maybe obsolete for selmodule type in Fedora >= 23 Change By: Henrik Lindberg Scrum Team: Client Platform Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5649) "syncversion" maybe obsolete for selmodule type in Fedora >= 23
Title: Message Title Ben Ford commented on PUP-5649 Re: "syncversion" maybe obsolete for selmodule type in Fedora >= 23 This is going to be the behavior in RHEL/CentOS 8, so we should get on top of this soon. Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5649) "syncversion" maybe obsolete for selmodule type in Fedora >= 23
Title: Message Title Martin Jackson created an issue Puppet / PUP-5649 "syncversion" maybe obsolete for selmodule type in Fedora >= 23 Issue Type: Bug Affects Versions: PUP 4.3.1 Assignee: Kylo Ginsberg Components: Types and Providers Created: 2016/01/04 6:31 PM Environment: Fedora F22 packages/Puppet 4.3.1 code running on Fedora 23 Priority: Normal Reporter: Martin Jackson Under CentOS 7, semodule -l (which the selmodule provider uses to check the loaded module version) returns a version number, e.g. (from CentOS 7): root@srv-cfgmgt ~ semodule -l abrt 1.4.1 accountsd 1.1.0 acct 1.6.0 afs 1.9.0 aiccu 1.1.0 aide 1.7.1 ajaxterm 1.0.0 alsa 1.12.2 Under Fedora 23, the output looks like this (e.g. no version specified):
