- From: Alex Howells <
>
- To:
- Subject: [chef] Re: SELinux - not supported?
- Date: Fri, 23 Dec 2011 00:37:20 +0000
On 22 December 2011 22:33, Burkholder, Peter
<
>
wrote:
>
Okay, no problem. I'll just add the file context like I did with Puppet:
>
>
{code}
>
seluser => "user_u",
>
selrole => "object_r",
>
seltype => "var_lib_t",
>
{code}
>
>
Oh, but wait, it seems there's no such support in Chef. Is that so? All I
>
can find are various open tickets such as:
>
http://tickets.opscode.com/browse/COOK-759
>
http://tickets.opscode.com/browse/COOK-347
>
http://tickets.opscode.com/browse/CHEF-1890
I would mirror the statements made by Matthew, and add that some of
the reason behind support for AppArmor (Ubuntu et al) being easier to
implement is due to it being path-based.
Drop the right support into /etc and you're pretty much done. Very
easy to accomplish.
As soon as you move to label-based approaches such as SELinux things
become significantly more complicated at pretty much every layer, from
filesystems on upward ;)
I'm sure the sentiment that "Patches are welcome!" would apply here...
Archive powered by MHonArc 2.6.16.