On 12/04/16 19:10, John Jasen wrote:
> Out of faint curiosity, how do we push change requests upstream to RHEL?
> I'm using puppet to automate systems, including the application of SELinux policy. While setsebool -P is non-damaging to repeat, it is time consuming -- taking about 45 seconds per execution to process the existing policy and re-commit to disk.
> I'd like a simple ability to put an unless in the execution of setsebool, to key off whether it's necessary -- to reduce a SELinux puppet run from 250 seconds to about 60. Unfortunately, in the current format, getsebool has defeated me.
> Would it be possible to have getsebool extended, so something like getsebool -b $variablename would return true or false as the exit code?
Trying to understand what you want to do, as puppet has a native resource type for this:
class selinux::booleans::httpd_can_network_connect {
  selboolean { 'httpd_can_network_connect':
    value      => on,
    persistent => true,
  }
}
So why are you trying to use the Exec resource type mixed with unless?
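For the case where an Exec guard is wanted anyway, the exit-code check asked for above can be built from the plain `getsebool NAME` output (`NAME --> on|off`). This is an added example, not code from the thread or from any project; the function names and the GETSEBOOL/SETSEBOOL override variables are assumptions of the example.

```shell
#!/bin/sh
# GETSEBOOL / SETSEBOOL are hypothetical override hooks so the logic can be
# exercised with stubs on a host without SELinux tools installed.
: "${GETSEBOOL:=getsebool}"
: "${SETSEBOOL:=setsebool}"

# sebool_is NAME on|off
# Exit 0 if the active value already matches, 1 if it differs,
# 2 if the boolean is unknown or the output cannot be parsed.
sebool_is() {
    name=$1
    want=$2
    out=$($GETSEBOOL "$name" 2>/dev/null) || return 2
    # Match the whole prefix so a similarly named boolean is never accepted.
    case $out in
        "$name --> on"*)  cur=on ;;
        "$name --> off"*) cur=off ;;
        *) return 2 ;;
    esac
    [ "$cur" = "$want" ]
}

# ensure_sebool NAME on|off
# Runs the slow persistent commit only when the value has to change.
ensure_sebool() {
    rc=0
    sebool_is "$1" "$2" || rc=$?
    case $rc in
        0) echo "unchanged" ;;
        1) $SETSEBOOL -P "$1" "$2" && echo "changed" ;;
        *) echo "error"; return 2 ;;
    esac
}
```

getsebool reports the running value, so a boolean that was flipped without -P passes this guard even though the persistent policy still differs.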