comments on PUP-3765 (proper selinux service support)

eric gisse

Dec 15, 2014, 4:18:29 AM
to puppe...@googlegroups.com
I'm opening this up to thoughts on how to do PUP-3765 properly. Am I going in the right direction or is there a better way?

Note: stuff like separate providers was discussed and I hate it deeply due to maintainability/usability concerns. Keeping it in the provider feels like the way to go, I'm just having a bit of an issue with a proper implementation.

Felix Frank

Dec 15, 2014, 5:01:19 PM
to puppe...@googlegroups.com
On 12/15/2014 10:18 AM, eric gisse wrote:
> I'm opening this up to thoughts on how to do PUP-3765 properly. Am I going in the right direction or is there a better way?
>
> Note: stuff like separate providers was discussed and I hate it deeply due to maintainability/usability concerns. Keeping it in the provider feels like the way to go, I'm just having a bit of an issue with a proper implementation.

Hi,

where was this discussed? The ticket has no comments and no links.

A separate set of providers seems undesirable to me as well. We would be looking at a) lots of code duplication or b) a layer of inheritance that serves a pretty weak purpose.

The question of "is SELinux enabled or not" is independent of "which tool chain should be used to manage OS services". Anyway, I see no reason why anyone would not want any given provider to Just Work, SELinux or not.

What is your implementation's approach and what issues are you facing?

Thanks,
Felix

Eric Sorenson

Dec 17, 2014, 2:36:28 PM
to puppe...@googlegroups.com
It was a sorta late-night conversation on IRC, and I was the proponent of inheriting from the base providers, but I don't feel super strongly that it's the right path. Conversation started here:


--eric0

Felix Frank

Dec 17, 2014, 5:43:25 PM
to puppe...@googlegroups.com
On 12/17/2014 08:36 PM, Eric Sorenson wrote:
> It was a sorta late-night conversation on IRC, and I was the proponent
> of inheriting from the base providers, but I don't feel super strongly
> that it's the right path. Conversation started here:
>
> https://botbot.me/freenode/puppet/2014-12-15/?msg=27586083&page=4

Awesome, thanks for that link, Eric. I didn't read it all right now,
honestly, but the first pages give a good introduction.

So while we're in wishlist mode, how about this: Since the requirement
is so pervasive, would it not be nice to extend
Puppet::Provider::Command in such a way that
* it is aware of whether Puppet is in a SELinux environment
* providers can specify whether run_init is required or forbidden for a
given command
* the command behaves accordingly, no change to its invocation from the
provider needed

Cheers,
Felix
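
A sketch of the command wrapper proposed in the message above, added here as an illustration; it is not part of the thread and not Puppet's code. The class name `SelinuxAwareCommand`, its keyword parameters, the `/usr/sbin/run_init` path, the selinuxfs probe, and the reading of "required" as "wrap only when SELinux is enabled" are all assumptions.

```ruby
# Added illustration: a stand-alone command wrapper, NOT Puppet::Provider::Command.
# All names here are hypothetical.
class SelinuxAwareCommand
  RUN_INIT_POLICIES = %i[required forbidden].freeze

  # Assumption: SELinux counts as enabled when selinuxfs exposes this file.
  DEFAULT_PROBE = -> { File.exist?('/sys/fs/selinux/enforce') }

  # run_init:      :required  -> prefix with run_init when SELinux is enabled
  #                :forbidden -> never prefix, whatever the SELinux state
  # selinux_probe: callable returning true/false, injectable for testing
  def initialize(executable, run_init: :forbidden,
                 selinux_probe: DEFAULT_PROBE,
                 run_init_path: '/usr/sbin/run_init')
    unless RUN_INIT_POLICIES.include?(run_init)
      raise ArgumentError, "unknown run_init policy: #{run_init.inspect}"
    end
    @executable = executable
    @run_init = run_init
    @selinux_probe = selinux_probe
    @run_init_path = run_init_path
  end

  # Builds the argument vector. The provider calls this the same way in
  # both environments; the wrapper decides whether run_init is prepended.
  def argv(*args)
    base = [@executable, *args.map(&:to_s)]
    return base unless @run_init == :required && @selinux_probe.call
    [@run_init_path, *base]
  end

  # Runs the command without a shell, so arguments are never re-parsed.
  def execute(*args)
    cmd = argv(*args)
    system([cmd.first, cmd.first], *cmd.drop(1))
  end
end

# Constructed usage: a service provider declares its restart command once.
if __FILE__ == $PROGRAM_NAME
  restart = SelinuxAwareCommand.new('/sbin/service', run_init: :required)
  puts restart.argv('httpd', 'restart').join(' ')
end
```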