Attached is a new version of the patch for the Puppet configuration
management client and server services. It includes some minor
modifications that were identified during further testing, and removed
some interfaces not required by the client service.
If additional changes are needed or the patch should be broken into
multiple patches, I can do so.
--
Craig Grube
-------------- next part --------------
A non-text attachment was scrubbed...
Name: puppet.patch
Type: application/octet-stream
Size: 13608 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20090928/de6c5bed/attachment.obj
-------------- next part --------------
On Mon, Sep 28, 2009 at 05:18:03PM -0400, Craig Grube wrote:
> Attached is a new version of the patch for the Puppet configuration
> management client and server services. It includes some minor
> modifications that were identified during further testing, and
> removed some interfaces not required by the client service.
>
> If additional changes are needed or the patch should be broken into
> multiple patches, I can do so.
>
> --
> Craig Grube
>
+rw_files_pattern(puppetmaster_t, puppet_log_t, puppet_log_t)
Now we're effectively down to manage_files_pattern again.
>
>
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20090929/af0b986d/attachment.bin
On Sep 29, 2009, at 5:31 AM, Dominick Grift wrote:
> On Mon, Sep 28, 2009 at 05:18:03PM -0400, Craig Grube wrote:
>> Attached is a new version of the patch for the Puppet configuration
>> management client and server services. It includes some minor
>> modifications that were identified during further testing, and
>> removed some interfaces not required by the client service.
>>
>> If additional changes are needed or the patch should be broken into
>> multiple patches, I can do so.
>
> +rw_files_pattern(puppetmaster_t, puppet_log_t, puppet_log_t)
>
> Now we're effectively down to manage_files_pattern again.
When enforcing with the unconfined policy not loaded puppetmasterd
won't start without rw perms on its http server log files.
I'm in the process of modifying the puppet source to open the http
server logs append only, but am not sure how long that will take given
other commitments I have and thought it worthwhile to get the updated
policy patch out.
--
Craig Grube