[CentOS] selinux getsebool request
Fabian Arrotin
arrfab at centos.org
Wed Apr 13 10:01:49 UTC 2016
On 12/04/16 19:10, John Jasen wrote:
> Out of faint curiosity, how do we push change requests upstream to RHEL?
>
> I'm using puppet to automate systems, including the application of
> SELinux policy. While setsebool -P is non-damaging to repeat, it is time
> consuming -- taking about 45 seconds per execution to process the
> existing policy and re-commit to disk.
>
> I'd like a simple ability to put an unless in the execution of
> setsebool, to key off whether it's necessary -- to reduce a SELinux
> puppet run from 250 seconds to about 60. Unfortunately, in the current
> format, getsebool has defeated me.
>
> Would it be possible to have getsebool extended, so something like
> getsebool -b $variablename would return true or false as the exit code?
>
Trying to understand what you want to do, as puppet has a native resource
type for this:

    class selinux::booleans::httpd_can_network_connect {
      selboolean {'httpd_can_network_connect':
        value      => on,
        persistent => true,
      }
    }

So why are you trying to use the Exec resource type mixed with unless?
--
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab
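
Added example, not part of the original message or of any CentOS/RHEL tooling: a shell guard of the kind the quoted request asks for, which parses the "name --> on|off" line printed by getsebool and runs setsebool -P only when the active value differs. The GETSEBOOL/SETSEBOOL override variables, the function names and the fake_getsebool stand-in are assumptions made so the logic can run on a host without SELinux.

```shell
#!/bin/sh
# GETSEBOOL/SETSEBOOL are overridable (an assumption of this sketch) so the
# logic can be exercised without SELinux.
: "${GETSEBOOL:=getsebool}" "${SETSEBOOL:=setsebool}"

# sebool_is NAME on|off
# Returns 0 if the active value matches, 1 if it differs, 2 if it cannot be
# read (SELinux disabled, unknown boolean, bad argument, unexpected output).
sebool_is() {
    sb_name=$1 sb_want=$2
    case $sb_want in on|off) ;; *) return 2 ;; esac
    sb_out=$("$GETSEBOOL" "$sb_name" 2>/dev/null) || return 2
    # Expected line: "<name> --> on" or "<name> --> off"; trailing text ignored.
    read -r sb_got sb_arrow sb_state sb_rest <<EOF
$sb_out
EOF
    [ "$sb_got" = "$sb_name" ] && [ "$sb_arrow" = "-->" ] || return 2
    case $sb_state in on|off) ;; *) return 2 ;; esac
    [ "$sb_state" = "$sb_want" ]
}

# ensure_sebool NAME on|off
# Runs `setsebool -P` only when the active value differs. getsebool reports the
# active value, so a persistent value that differs from it is not detected here.
ensure_sebool() {
    sb_rc=0
    sebool_is "$1" "$2" || sb_rc=$?
    case $sb_rc in
        0) return 0 ;;                        # already set: skip the slow commit
        1) "$SETSEBOOL" -P "$1" "$2" ;;       # differs: commit persistently
        *) echo "cannot read SELinux boolean '$1'" >&2; return 2 ;;
    esac
}

# Constructed stand-in for testing without SELinux (not real tool output):
# booleans are kept in a variable as "name=state" words.
FAKE_BOOLS="httpd_can_network_connect=off httpd_enable_cgi=on"
fake_getsebool() {
    for sb_kv in $FAKE_BOOLS; do
        [ "${sb_kv%%=*}" = "$1" ] && { echo "$1 --> ${sb_kv#*=}"; return 0; }
    done
    echo "Error getting active value for $1" >&2; return 1
}
```

In a Puppet exec, the same check would be the unless condition; a read failure (return code 2) is kept distinct from "differs" so a host with SELinux disabled is not silently treated as needing a change.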