Hi list, Some SELinux configurations can't be included in policy and require the use of semanage. This is fine in some cases, such as the installation of services by package management, but the use of `semanage -i` doesn't lend itself well to applying and enforcing certain local changes (e.g. RBAC mappings) using configuration management tools (Ansible, puppet, etc.). To address this, I've created a new command 'seapply' (https://github.com/doksu/seapply), which takes a JSON representation of the desired configuration and compares it to the local running configuration. Iff discrepancies exist, it rectifies those specific differences. In this way, a configuration management tool can run the seapply command frequently without reapplying all the local SELinux configuration customisations each time (which significantly slows down the application of configuration management policies). Any suggestions or feedback? Would it be possible to bring this into the tool set? Cheers, Doug _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
