From: Craig.Grube@cobham.com (Craig Grube)
Date: Tue, 29 Sep 2009 07:26:53 -0400
Subject: [refpolicy] resubmitted puppet.patch
In-Reply-To: <20090929093142.GF10400@notebook3.grift.internal>
References: <776FA2A8-8A8B-4F20-8C1C-BD59111C31E7@cobham.com> <20090929093142.GF10400@notebook3.grift.internal>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sep 29, 2009, at 5:31 AM, Dominick Grift wrote:

> On Mon, Sep 28, 2009 at 05:18:03PM -0400, Craig Grube wrote:
>> Attached is a new version of the patch for the Puppet configuration
>> management client and server services. It includes some minor
>> modifications that were identified during further testing, and
>> removed some interfaces not required by the client service.
>>
>> If additional changes are needed or the patch should be broken into
>> multiple patches, I can do so.
>
> +rw_files_pattern(puppetmaster_t, puppet_log_t, puppet_log_t)
>
> Now we're effectively down to manage_files_pattern again.

When enforcing with the unconfined policy not loaded, puppetmasterd won't
start without rw perms on its http server log files. I'm in the process
of modifying the puppet source to open the http server logs append only,
but am not sure how long that will take given other commitments I have
and thought it worthwhile to get the updated policy patch out.

--
Craig Grube
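
Review bot: the quoted line +rw_files_pattern(puppetmaster_t, puppet_log_t, puppet_log_t) carries no comment explaining why puppetmaster_t needs read and write on its own log type, and the reason only appears in this thread (puppetmasterd will not start without rw on its http server log files). Consider putting that reason in a comment next to the rule, noting that it is meant to be narrowed to append-only access once the puppet source opens those logs append only, so the broader permission does not outlive the workaround.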