When using 'module' to install selinux-module the selinux-mode is set to disabled. #64
Comments
wouteroostervld
referenced
this issue
Oct 28, 2015
wouteroostervld
changed the title
wouteroostervld
changed the title
|
I will attempt to fix this problem later this week. |
|
👍 this confused me greatly and is poor behavior IMO, not to mention undocumented. |
purplexa
pushed a commit
to purplexa/puppet-selinux
that referenced
this issue
Nov 4, 2015
These test the behavior when setting `undef` for the `mode` parameter to the base `selinux` class. The tested behavior is that the module does not manage the selinux settings at all, leaving the current state the same. This is the desired behavior as described in voxpupuli#64, because otherwise using one of the defined types to manage just a specific selinux rule, but not manually declaring the `selinux` class and setting the mode explicitly causes selinux to be disabled. It is confusing (and undocumented) to use a defined type in a module called `selinux` to set an selinux rule, and have that result in selinux getting disabled.
purplexa
pushed a commit
to purplexa/puppet-selinux
that referenced
this issue
Nov 4, 2015
These test the behavior when setting `undef` for the `type` parameter to the base `selinux` class. The tested behavior is that the module does not manage the selinux settings at all, leaving the current state the same. This is the desired behavior as described in voxpupuli#64, because otherwise using one of the defined types to manage just a specific selinux rule, but not manually declaring the `selinux` class causes selinux configuration to potentially change.
purplexa
pushed a commit
to purplexa/puppet-selinux
that referenced
this issue
Nov 4, 2015
This changes the default behavior for the module to not modify selinux settings unless explicitly told to. This is the desired behavior as described in voxpupuli#64, because otherwise using one of the defined types to manage just a specific selinux rule, but not manually declaring the `selinux` class and setting the mode explicitly causes selinux to be disabled. It is confusing (and undocumented) to use a defined type in a module called `selinux` to set an selinux rule, and have that result in selinux getting disabled. This changes the default behavior, but it will not change the configuration of a node in the situation where the node had the class applied already. However, it will change the behavior in the situation where the `selinux` class was not included on a node, and then was switched to being included on the node without any parameters set (included the situation of a node newly added to Puppet).
|
This should be changed now :) |
This was referenced Nov 6, 2015
|
this should be fixed already. please re-open if you still see this problem |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When using 'module' to install selinux module mode is set to disabled. (Probably because ::selinux-class is implicitly loaded by type module.)
Expected was that just installing a module would leave the selinux-mode as-is.
See comment on: 86e9599
The text was updated successfully, but these errors were encountered: