puppetdb connectivity should be allowed by passengr_run_puppetmaster
I suppose it could be an "additional" sebool, but as far as I am concerned, its part of running a puppet master, so as part of passenger_run_puppetmaster, connectivity to port 8081/tcp (default) should be allowed. I suppose that would involve creating a puppetdb_port_t or something?
As a workaround, you can allow passenger to connect to anything (passenger_can_connect_all)
#2 Updated by Lukas Zapletal over 1 year ago
- Status changed from New to Rejected
We have this in the policy:```
- Connecting to puppet server
The macro is defined in RHEL policy, file a BZ there if you want the port to be added there.