Re: Fedora 20 Puppet update and SELinux policy

Hey all,

I am going to push the update to stable. There were no reports of
misbehavior. In any case, check for AVC denials after the Puppet upgrade and
relabel the system if necessary.

LZ

On Tue, Apr 22, 2014 at 02:46:33PM +0200, Lukas Zapletal wrote:
> Hello,
> 
> We are rolling out an update of Puppet to 3.4.3 in Fedora 20 and Rawhide that
> adds one important change. We have found that puppet master was running
> unconfined, therefore the Puppet SELinux policy was not effective in Fedoras.
> 
> The puppet package update fixes one little issue (missing runtime
> dependency) and corrects startup wrappers for systemd which puts Puppet
> Master into the correct SELinux domain puppetmaster_t. Since this has
> some security impact, we have decided to backport this change into
> Fedora 20 too.
> 
> https://admin.fedoraproject.org/updates/puppet-3.4.3-3.fc20
> 
> Until now, puppet master was running unconfined (this is a regression).
> The update might need relabelling of the system (/etc/puppet,
> /var/lib/puppet) or checking out audit.log. Please help me with testing
> this update:
> 
>     yum --enablerepo=updates-testing update selinux-policy puppet puppet-server
> 
> Thanks for help.
> 
> --
> Later,
> 
>  Lukas "lzap" Zapletal
>  irc: lzap #theforeman
> -- 
> devel mailing list
> devel@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

-- 
Later,

 Lukas "lzap" Zapletal
 irc: lzap #theforeman
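
Added example, not part of the original messages: a shell helper for the post-upgrade check suggested in this thread, summarising AVC denials whose source domain is puppetmaster_t. The function names `puppet_denials` and `sample_audit_log` are hypothetical, and the audit records are constructed sample input.

```shell
#!/bin/sh
# Added example (not from the thread). Live use on the updated host, as root:
#   ps -eZ | grep puppet                      # master should show puppetmaster_t
#   ausearch -m avc -ts recent | puppet_denials
#   restorecon -Rv /etc/puppet /var/lib/puppet

# Constructed sample audit records; values are illustrative, not real data.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1398170793.101:501): avc:  denied  { read } for  pid=2101 comm="puppet" name="site.pp" dev="dm-1" ino=1311 scontext=system_u:system_r:puppetmaster_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1398170793.140:502): avc:  denied  { read } for  pid=2101 comm="puppet" name="nodes.pp" dev="dm-1" ino=1312 scontext=system_u:system_r:puppetmaster_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1398170801.007:509): avc:  denied  { write } for  pid=2101 comm="puppet" name="reports" dev="dm-1" ino=2210 scontext=system_u:system_r:puppetmaster_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=AVC msg=audit(1398170805.300:512): avc:  denied  { getattr } for  pid=987 comm="httpd" name="index.html" dev="dm-1" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1398170805.300:512): arch=c000003e syscall=4 success=no exit=-13 comm="httpd"
EOF
}

# Read audit records on stdin and print "count target_type class perms"
# for denials whose source domain is $1 (default: puppetmaster_t).
# A generic target type on files below /etc/puppet or /var/lib/puppet
# points at a labelling problem, which is what the relabel addresses.
puppet_denials() {
    awk -v dom="${1:-puppetmaster_t}" '
    $1 == "type=AVC" && / denied / {
        src = tgt = cls = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/) { split($i, s, ":"); src = s[3] }
            if ($i ~ /^tcontext=/) { split($i, t, ":"); tgt = t[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (src != dom) next            # ignore other domains
        perms = $0                      # keep only the text inside { ... }
        sub(/^.*[{] /, "", perms); sub(/ [}].*$/, "", perms)
        seen[tgt " " cls " " perms]++
    }
    END { for (k in seen) print seen[k], k }' | sort -rn
}

# Demo on the constructed records above.
sample_audit_log | puppet_denials
```
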