Hello, we are rolling out update of Puppet to 3.4.3 in Fedora 20 and Rawhide that adds one important change. We have found that puppet master was running unconfined, therefore the Puppet SELinux policy was not effective in Fedoras. The puppet package update fixes one little issue (missing runtime dependency) and corrects startup wrappers for systemd which puts Puppet Master into the correct SELinux domain puppetmaster_t. Since this has some security impact, we have decided to backport this change into Fedora 20 too. https://admin.fedoraproject.org/updates/puppet-3.4.3-3.fc20 Until now, puppet master was running unconfined (this is a regression), the update might need relabelling of the system (/etc/puppet, /var/lib/puppet) or checking out audit.log. Please help me with testing this update: yum --enablerepo=updates-testing update selinux-policy puppet puppet-server Thanks for help. -- Later, Lukas "lzap" Zapletal irc: lzap #theforeman -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
