File resource mode => '0555' in config.pp may cause SELinux denials #38

Open
failsure opened this issue Dec 1, 2016 · 0 comments

failsure commented Dec 1, 2016

Hello, I am using this module in a RHEL 7 environment in targeted/enforcing mode. The default mode for the file resource in config.pp is causing a problem with this setup, and stunnel cannot start in enforcing mode:

file { $stunnel_dirs:
  ensure => directory,
  owner  => 'root',
  group  => 'root',
  mode   => '0555',
}

$stunnel_dirs includes the log directory, and without DAC write permission SELinux requires the following:

allow stunnel_t self:capability dac_override;

Would you consider changing the mode to '0755' here? I did confirm that modifying the permissions removes the denial and allows stunnel to start.
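
The check described in the issue, as an added example that is not part of the original post or the module: it counts `dac_override` capability denials for a domain in audit records and tests whether a directory mode lacks the owner write bit, which is the condition under which a process writing there, even as the owning root user, must rely on CAP_DAC_OVERRIDE. The audit records, function names and verdict strings are constructed for illustration; on a real host the records come from `/var/log/audit/audit.log` and the mode from `stat -c %a` on the directory.

```shell
#!/bin/sh
# Added example: relate a dac_override AVC denial to a directory mode.

# Constructed AVC records in audit.log format (not taken from the issue).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1480600000.101:310): avc:  denied  { dac_override } for  pid=2101 comm="stunnel" capability=1  scontext=system_u:system_r:stunnel_t:s0 tcontext=system_u:system_r:stunnel_t:s0 tclass=capability
type=AVC msg=audit(1480600000.245:311): avc:  denied  { read } for  pid=2150 comm="httpd" name="index.html" dev="dm-0" ino=7001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1480600042.009:318): avc:  denied  { dac_override } for  pid=2188 comm="stunnel" capability=1  scontext=system_u:system_r:stunnel_t:s0 tcontext=system_u:system_r:stunnel_t:s0 tclass=capability
EOF
}

# Read audit records on stdin; print how many are capability denials
# for dac_override whose source context has SELinux type $1.
count_dac_override_denials() {
    awk -v dom="$1" '
        /avc: +denied/ && /tclass=capability/ && /[{][^}]* dac_override [^}]*[}]/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^scontext=/) {
                    split($i, ctx, ":")   # user:role:type:level
                    if (ctx[3] == dom) n++
                }
        }
        END { print n + 0 }'
}

# Succeed when octal mode $1 has no owner write bit (0200).
owner_write_bit_missing() {
    [ $(( 0$1 & 0200 )) -eq 0 ]
}

# triage DIR_MODE DOMAIN < audit records
triage() {
    denials=$(count_dac_override_denials "$2")
    if [ "$denials" -gt 0 ] && owner_write_bit_missing "$1"; then
        echo "fix-mode"         # owner cannot write: the mode explains the denial
    elif [ "$denials" -gt 0 ]; then
        echo "look-elsewhere"   # denials exist, but this mode is not the cause
    else
        echo "clean"
    fi
}

sample_audit_log | triage 0555 stunnel_t
```

A `fix-mode` verdict points at correcting the directory mode, as the issue requests, rather than granting `dac_override` to the domain in policy.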
