Switch default behavior to not manage selinux #67
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 5 commits
November 3, 2015 17:30
This renames the `spec/classes/selinux_config_mode.rb` file to the proper `spec/classes/selinux_config_mode_spec.rb` because otherwise it never gets run.
These test the behavior when setting `undef` for the `mode` parameter to the base `selinux` class. The tested behavior is that the module does not manage the selinux settings at all, leaving the current state the same. This is the desired behavior as described in voxpupuli#64, because otherwise using one of the defined types to manage just a specific selinux rule, but not manually declaring the `selinux` class and setting the mode explicitly causes selinux to be disabled. It is confusing (and undocumented) to use a defined type in a module called `selinux` to set an selinux rule, and have that result in selinux getting disabled.
These test the behavior when setting `undef` for the `type` parameter to the base `selinux` class. The tested behavior is that the module does not manage the selinux settings at all, leaving the current state the same. This is the desired behavior as described in voxpupuli#64, because otherwise using one of the defined types to manage just a specific selinux rule, but not manually declaring the `selinux` class causes selinux configuration to potentially change.
This changes the default behavior for the module to not modify selinux settings unless explicitly told to. This is the desired behavior as described in voxpupuli#64, because otherwise using one of the defined types to manage just a specific selinux rule, but not manually declaring the `selinux` class and setting the mode explicitly causes selinux to be disabled. It is confusing (and undocumented) to use a defined type in a module called `selinux` to set an selinux rule, and have that result in selinux getting disabled. This changes the default behavior, but it will not change the configuration of a node in the situation where the node had the class applied already. However, it will change the behavior in the situation where the `selinux` class was not included on a node, and then was switched to being included on the node without any parameters set (included the situation of a node newly added to Puppet).
This updates the README with a few minor additions that weren't added, as well as describing the default behavior.
|
Great! |
|
Much obliged for the code! 🙇 |
jfryman
added a commit
that referenced
this pull request
Nov 4, 2015
Switch default behavior to not manage selinux
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This changes the default behavior for the module to not modify selinux settings unless explicitly told to. This is the desired behavior as described in #64, because otherwise using one of the defined types to manage just a specific selinux rule, but not manually declaring the
selinuxclass and setting the mode explicitly causes selinux to be disabled. It is confusing (and undocumented) to use a defined type in amodule called
selinuxto set an selinux rule, and have that result in selinux getting disabled.This changes the default behavior, but it will not change the configuration of a node in the situation where the node had the class applied already. However, it will change the behavior in the situation
where the
selinuxclass was not included on a node, and then was switched to being included on the node without any parameters set (included the situation of a node newly added to Puppet).