Hi all,
I'm having some problems working with puppet-selinux[1]
I've successfully deployed the module in nodes.pp and got it to set
various SELinux modes, by using
class { selinux: mode => 'permissive' }
or
class { selinux: mode => 'enforcing' }
Now I want to load a custom SELinux policy file. According to the docs,
the correct calling syntax is this
selinux::module{ 'resnet-nrpe':
ensure => 'present',
source => 'puppet:///modules/nagios/nrpe/resnet-nrpe.te',
}
However running with that throws this error:
err: Could not retrieve catalog from remote server: Error 400 on SERVER:
Duplicate definition: Class[Selinux] is already defined in file
/etc/puppet/manifests/nodes.pp at line 14; cannot redefine at
/etc/puppet/modules/selinux/manifests/module.pp:40 on node
So it looks like you can't specify a class twice. selinux::module seems
to instantiate selinux automatically. I tried commenting this
declaration but it threw this error instead:
err: Could not retrieve catalog from remote server: Error 400 on SERVER:
undefined method `<<' for {}:Hash on node
So, I don't really know what the best solution is. The module code is
quite simple so I'd be grateful if someone could suggest the best way.
Ultimately, I want the SELinux module deployed on all my boxes,
regardless of whether the box is running in permissive or enforcing mode.
Thanks,
Jonathan
[1] https://github.com/jfryman/puppet-selinux
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
