search for: puppet_var_lib_t

...Found seluser default ''system_u'' for /var/lib/puppet/client_data debug: /File[/var/lib/puppet/client_data]/selrole: Found selrole default ''object_r'' for /var/lib/puppet/client_data debug: /File[/var/lib/puppet/client_data]/seltype: Found seltype default ''puppet_var_lib_t'' for /var/lib/puppet/client_data debug: /File[/var/lib/puppet/client_data]/selrange: Found selrange default ''s0'' for /var/lib/puppet/client_data debug: /File[/var/lib/puppet/ssl/private_keys]/seluser: Found seluser default ''system_u'' for /var/lib/puppet/...

...: (/File[/var/lib/puppet/.puppet/ssl/certs/ca.pem]/selrole) Found selrole default ''object_r'' for /var/lib/puppet/.puppet/ssl/certs/ca.pem Aug 7 14:33:38 puppetmaster-02 puppet-master[27451]: (/File[/var/lib/puppet/.puppet/ssl/certs/ca.pem]/seltype) Found seltype default ''puppet_var_lib_t'' for /var/lib/puppet/.puppet/ssl/certs/ca.pem Aug 7 14:33:38 puppetmaster-02 puppet-master[27451]: (/File[/var/lib/puppet/.puppet/ssl/certs/ca.pem]/seltype) Found seltype default ''puppet_var_lib_t'' for /var/lib/puppet/.puppet/ssl/certs/ca.pem Aug 7 14:33:38 puppetmaster...

...ow httpd_t bin_t:file entrypoint; allow httpd_t passenger_t:process sigchld; allow httpd_t passenger_t:unix_stream_socket { getattr accept read write }; optional_policy(` puppet_manage_lib(httpd_t) puppet_search_log(httpd_t) puppet_search_pid(httpd_t) allow httpd_t puppet_var_lib_t:file { relabelfrom relabelto }; ') #============= passenger_t ============== allow passenger_t devpts_t:dir search; allow passenger_t httpd_t:process { siginh rlimitinh transition noatsecure }; allow passenger_t self:capability { sys_resource sys_ptrace }; allow passenger_t self:process setexe...

...IMPORTANT *********************** To make this policy package active, execute: semodule -i puppet.pp But in installing the module I get an error I've never seen before: #semodule -i puppet.pp libsepol.print_missing_requirements: foreman's global requirements were not met: type/attribute puppet_var_lib_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed! I will say that I'm getting much better at working through SELinux issues. I've come a long way from when I was taught by a senior admin I was working with t...

...elgate.net> > wrote: > >> On Sat, 20 Jun 2015, Tim Dunphy wrote: >> >I wrote: >> >> >> That suggests there's already a module named puppet, and thus you are >> >> replacing it with the one you made which does not supply the >> >> puppet_var_lib_t type. Always prefix your own modules with something >> >> that makes them almost certain to be unique, e.g., yourdom_puppet. >> >> >> > >> >No, actually I didn't compile my own selinux module. :) Not sure how you >> >got that idea, but that is...

...var/lib/puppet/rrd]/seluser: Found seluser default ''system_u'' for /var/lib/puppet/rrd debug: /File[/var/lib/puppet/rrd]/selrole: Found selrole default ''object_r'' for /var/lib/puppet/rrd debug: /File[/var/lib/puppet/rrd]/seltype: Found seltype default ''puppet_var_lib_t'' for /var/lib/puppet/rrd debug: /File[/var/lib/puppet/rrd]/selrange: Found selrange default ''s0'' for /var/lib/puppet/rrd debug: Finishing transaction 70054934905120 debug: Recieved report to process from ms1 debug: Processing report from ms1 with processor Puppet::Report...

...gt; >>>> On Sat, 20 Jun 2015, Tim Dunphy wrote: >>>>> I wrote: >>>>>> That suggests there's already a module named puppet, and thus you are >>>>>> replacing it with the one you made which does not supply the >>>>>> puppet_var_lib_t type. Always prefix your own modules with something >>>>>> that makes them almost certain to be unique, e.g., yourdom_puppet. >>>>>> >>>>> No, actually I didn't compile my own selinux module. :) Not sure how you >>>>> got that i...

...gt;> >>> On Sat, 20 Jun 2015, Tim Dunphy wrote: >>> >I wrote: >>> >>> >> That suggests there's already a module named puppet, and thus you are >>> >> replacing it with the one you made which does not supply the >>> >> puppet_var_lib_t type. Always prefix your own modules with something >>> >> that makes them almost certain to be unique, e.g., yourdom_puppet. >>> >> >>> > >>> >No, actually I didn't compile my own selinux module. :) Not sure how you >>> >got th...