(#3999) Allow disabling of default SELinux context detection for files
ac2262d071ccUnpublished
Actions

Unpublished Commit · Learn More

Repository Importing: This repository is still importing.

Description

(#3999) Allow disabling of default SELinux context detection for files

In most cases on a system with SELinux, it is preferred to use
the SELinux matchpathcon call to determine the default context that
a file should have to make sure that files Puppet modifies are
labeled with the correct SELinux security context.

In the event that you wanted to override some or all of the default
context, you can use the SELinux attributes Puppet provides to do
that. If left unspecified the defaults will apply if matchpathcon has
defaults.

This patch adds a new selinux_ignore_defaults parameter which
will cause Puppet to assume no defaults, allowing the file's
SELinux label to be left unmodified, if desired.

Originally-by: Sean Millichamp <sean@bruenor.org>
Signed-off-by: Jesse Wolfe <jes5199@gmail.com>

Details

Provenance

Jesse Wolfe <jes5199@gmail.com>	Authored on
vanmeeuwen	Pushed on Jun 2 2015, 2:22 PM

Parents

rPU1172a4ee5004: Merge branch 'ticket/2.6.next/6322' into 2.6.next

Branches

Unknown

Tags

Unknown

Event Timeline

Jesse Wolfe <jes5199@gmail.com> committed rPUac2262d071cc: (#3999) Allow disabling of default SELinux context detection for files (authored by Jesse Wolfe <jes5199@gmail.com>).Feb 25 2011, 10:46 PM

Changes (2)

Path

Size

lib/

puppet/

type/

file/

selcontext.rb

spec/

unit/

type/

file/

selinux_spec.rb

rPUac2262d071cc

View Options

lib/puppet/type/file/selcontext.rb