Bug #12991

closed

puppetdb connectivity should be allowed by passenger_run_puppetmaster

Added by Tommy McNeely about 8 years ago. Updated almost 4 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: -
Target version: -
Difficulty:
Triaged: No
Fixed in Releases:
Found in Releases:

Description

I suppose it could be an "additional" sebool, but as far as I am concerned, it's part of running a puppet master, so as part of passenger_run_puppetmaster, connectivity to port 8081/tcp (default) should be allowed. I suppose that would involve creating a puppetdb_port_t or something?

As a workaround, you can allow passenger to connect to anything (passenger_can_connect_all)


Related issues: 1 (0 open, 1 closed)

Has duplicate: SELinux - Bug #16382: SELinux Preventing Host Deletion (Duplicate, 08/30/2016)
Actions #1

Updated by Dominic Cleal over 7 years ago

  • Has duplicate Bug #16382: SELinux Preventing Host Deletion added
Actions #2

Updated by Lukas Zapletal almost 4 years ago

  • Status changed from New to Rejected

We have this in the policy:

```
# Connecting to puppet server
optional_policy(`
    tunable_policy(`foreman_rails_can_connect_puppetmaster', `
        corenet_tcp_connect_puppet_port(foreman_rails_t)
    ')
')
```

The macro is defined in RHEL policy; file a BZ there if you want the port to be added there.
