Re: selinux getsebool request

On 12/04/16 19:10, John Jasen wrote:
> Out of faint curiosity, how do we push change requests upstream to RHEL?
> 
> I'm using puppet to automate systems, including the application of
> SELinux policy. While setsebool -P is non-damaging to repeat, it is time
> consuming -- taking about 45 seconds per execution to process the
> existing policy and re-commit to disk.
> 
> I'd like a simple ability to put an unless in the execution of
> setsebool, to key off whether it's necessary -- to reduce a SELinux
> puppet run from 250 seconds to about 60.  Unfortunately, in the current
> format, getsebool has defeated me.
> 
> Would it be possible to have getsebool extended, so something like
> getsebool -b $variablename would return true or false as the exit code?
> 

Trying to understand what you want to do, as puppet has a native resource
type for this:

class selinux::booleans::httpd_can_network_connect {

  selboolean { 'httpd_can_network_connect':
    value      => on,
    persistent => true,
  }
}

So why are you trying to use the Exec resource type mixed with unless?


-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab
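
The exit-code check asked for in the quoted request can be built around the existing getsebool output, as an added example that is not part of the original messages or of getsebool itself. The function name sebool_matches and its exit codes are hypothetical; the sample input is constructed.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of getsebool or Puppet).
# sebool_matches NAME WANTED reads `getsebool`-style lines on stdin
# ("name --> on") and returns:
#   0  boolean is already at WANTED
#   1  boolean exists but has the other value
#   2  boolean not present in the input, or WANTED is not a valid value
sebool_matches() {
    name=$1
    case $2 in
        on|1|true)   wanted=on ;;
        off|0|false) wanted=off ;;
        *) return 2 ;;
    esac
    # Compare field 1 exactly, so "httpd_can_network_connect" does not
    # also match "httpd_can_network_connect_db".
    current=$(awk -v n="$name" '$1 == n && $2 == "-->" { print $3; exit }')
    case $current in
        on|off) [ "$current" = "$wanted" ] ;;
        *) return 2 ;;
    esac
}

# Constructed sample of `getsebool -a` output, embedded so this runs offline.
sample_booleans() {
    cat <<'EOF'
httpd_can_network_connect --> off
httpd_can_network_connect_db --> on
httpd_enable_cgi --> on
EOF
}

# Live use on a host with the SELinux tools installed; setsebool -P only
# runs when the boolean is not already at the wanted value:
#   getsebool httpd_can_network_connect \
#       | sebool_matches httpd_can_network_connect on \
#       || setsebool -P httpd_can_network_connect on
```

getsebool reports the active (running) value, so this check reflects the current state of the boolean on the host.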
