[chef] Re: Re: SELinux - not supported?

[Ranjib Dey < >]

 i second this statement. I do agree that chef install base on rhel/centos is relatively smaller than the debian/ubuntu, but its decently big. ThoughtWorks internally runs on centos, and most of our client too  runs on rhel or centos or amazon linux. Although as of now theres hardly any support for selinux in chef , but we should definitely plan for it, bring security context inside file base class. Sean was already working on it, i had tested the initial versions, but some how we lost the tempo. But i guess time has come to revive the effort..

and we should definitely discourage disabling selinux (unless some other alternative like AppArmor is in place)

my 2 cents

On Fri, Dec 23, 2011 at 4:51 AM, Matthew Kent < "> > wrote:

On Thu, Dec 22, 2011 at 2:33 PM, Burkholder, Peter < "> > wrote:
> Oh, but wait, it seems there's no such support in Chef.  Is that so?  All I can find are various open tickets such as:
> http://tickets.opscode.com/browse/COOK-759
> http://tickets.opscode.com/browse/COOK-347
> http://tickets.opscode.com/browse/CHEF-1890
>
> The current cookbook says only this, "users are recommended to set SELinux to permissive mode, or disabled completely."
>
> I'm surprised and disappointed that this is the case.  Is there really no one using SeLinux under Chef?  Or is there a secret I'm not yet in on?

I'm not aware of anyone using SELinux with Chef or asking for it
really. I'd attribute this to the smaller install base of rhel (and
clones) versus the larger debian/ubuntu contingent using Chef.

Might be worth filing a ticket so people can +1 it at least - maybe
someone will take up the challenge :)
--
Matthew Kent | http://magoazul.com