puppet-puppetboard icon indicating copy to clipboard operation
puppet-puppetboard copied to clipboard

Published 20 hours ago verified publisher icon voxpupuli

params class leaks wrong selinux context

Open vchepkov opened this issue 7 years ago • 3 comments

params.pp sets the following SELinux context for all File resources on Redhat:

File {
  seltype => 'httpd_sys_content_t',
}

This attribute 'leaks' even to files that shouldn't have this context set, for example, /etc/httpd/conf.d/puppetboard.conf, which should have httpd_config_t.

In addition, I think module's attribute manage_selinux should also cover seltype, not just selbooleans

vchepkov avatar Sep 29 '18 14:09 vchepkov

Hi @vchepkov, thanks for bringing this up. Are you able to provide a fix for this bug?

bastelfreak avatar Sep 29 '18 19:09 bastelfreak

I have slapped a couple of fixes for SELinux and it works for me, but I wouldn't know how to supply tests for this and usually this is where my fixes dies :( I can try though

vchepkov avatar Sep 29 '18 19:09 vchepkov

Just provide what you can and we work together through the tests. Also you can always ask questions in our IRC channel #voxpupuli on freenode or on https://puppetcommunity.slack.com

bastelfreak avatar Sep 29 '18 19:09 bastelfreak

@bastelfreak @vchepkov is this issue still valid? I can't even find params.pp :sweat_smile:

d1nuc0m avatar Apr 02 '24 11:04 d1nuc0m

params.pp was removed in commit 5b643d9e133ad544ba0e976b099b112571e0b8ae (#318) so I'll close this.

kenyon avatar Apr 02 '24 18:04 kenyon