search for: selboolean

On 04/12/2016 02:31 PM, James Hogarth wrote: > For example: > > unless => "/usr/sbin/getsebool httpd_can_network_connect | /usr/bin/grep on > &> /dev/null" D'oh! That's what I get for overcomplicating the whole darn thing. :) > > Incidentally one nice trick if you're dealing with potentially changing > multiple booleans and the policy compile

...t systems should come up in a ready state, regardless > of the immediate availability of puppet. So, using puppet to push > SELinux changes without committing to on-disk policy alarms me. I'm not sure I entirely understand this discussion. Isn't this what puppet does by default with selboolean? # puppet resource selboolean httpd_can_network_connect value=on persistent=true --debug Debug: Runtime environment: puppet_version=3.8.6, ruby_version=2.0.0, run_mode=user, default_encoding=UTF-8 Debug: Loaded state in 0.15 seconds Debug: Selboolean[httpd_can_network_connect](provider=getsetseboo...

Out of faint curiosity, how do we push change requests upstream to RHEL? I'm using puppet to automate systems, including the application of SELinux policy. While setsebool -P is non-damaging to repeat, it is time consuming -- taking about 45 seconds per execution to process the existing policy and re-commit to disk. I'd like a simple ability to put an unless in the execution of

...if it''s "right"..... Thanks! # cat manifests/master-config.pp include epel class { ''puppetdb'': listen_address => ''puppet.example.com'', open_listen_port => true, } class { ''puppetdb::master::config'': } selboolean { "httpd_can_network_connect": persistent => true, value => on, } # puppet apply master-config.pp Warning: Config file /etc/puppet/hiera.yaml not found, using Hiera defaults Error: Could not start Service[puppetmaster]: Execution of ''/sbin/service puppet m...