-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/21/2011 05:47 PM, Erinn Looney-Triggs wrote: > I am using puppet to manage my system configuration and I am > looking for the best way to manage file context changes between > multiple hosts. > > Basically I have some local changes that are held in > /etc/selinux/targeted/modules/active/file_contexts.local, is it > reasonable just to copy this file to hosts that need to be aware of > the changes held therein or is there a better method? > > This would be implemented on RHEL 5 and 6 systems. > > Thanks, -Erinn > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux /etc/selinux/targeted/modules/active/file_contexts.local # This file is only used when policy is updated and /etc/selinux/targeted/contexts/files/file_contexts.local # This file is actually the one used by restorecon and rpm ... Should be kept in sync, and would work on RHEL5 and RHEL6, You could also use the method Dominick described for distributing all local canonizations. You might want to write puppet script that would dump local customizations and check it versus global customizations, and apply the global if they differ, since semanage -i will take a long time to run. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk57LxQACgkQrlYvE4MpobNtdQCgzoik2f4hNo++/pxWRVuxWfrK P9QAoL4Gtks4ZfqY7hApKCmL2C6HNqnH =6FSf -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
