- From: "Burkholder, Peter"
- Subject: [chef] SELinux - not supported?
- Date: Thu, 22 Dec 2011 17:33:15 -0500
Hi Chef Users:
My initial NTP cookbook failed on a fresh RHEL 5.7 install because the new
config file had the wrong selinux context.
{code}
$ ls -Z /var/lib/chef/etc/ntp.conf.chef-20111222165615 /etc/ntp.conf
-rw-r--r-- root root user_u:object_r:tmp_t:s0 /etc/ntp.conf
-rw-r--r-- root root user_u:object_r:var_lib_t:s0 /var/lib/chef/etc/ntp.conf.chef-20111222165615
{code}
Okay, no problem. I'll just add the file context like I did with Puppet:
{code}
seluser => "user_u",
selrole => "object_r",
seltype => "var_lib_t",
{code}
Oh, but wait, it seems there's no such support in Chef. Is that so? All I
can find are various open tickets such as:
http://tickets.opscode.com/browse/COOK-759
http://tickets.opscode.com/browse/COOK-347
http://tickets.opscode.com/browse/CHEF-1890
The current cookbook says only this, "users are recommended to set SELinux to
permissive mode, or disabled completely."
I'm surprised and disappointed that this is the case. Is there really no one
using SELinux under Chef? Or is there a secret I'm not yet in on?
Thanks,
Peter
--
Peter Burkholder | Sr. System Administrator (consultant)
AARP | Digital Strategy & Operations | 601 E Street NW | Washington, DC 20049
| aim: peterbtech | w: 202-434-3530 | c: 202-344-7129
For optimal efficiency, I check email at 2-hour intervals during the workday
(except when on-call). Please use IM or phone to contact me for urgent
matters