Re: [gentoo-hardened] selinux puppet update for 2.6.8

2011-07-11 Thread Matthew Thode
You can use puppet to manage services (make sure they are running and in the proper runlevel). What I emailed you worked for me. exec_no_trans is required for rc-update:
type=AVC msg=audit(1310333942.567:429): avc: denied { execute_no_trans } for pid=31986 comm="puppetd" path="/sbin/rc-update"

Re: [gentoo-hardened] selinux puppet update for 2.6.8

2011-07-11 Thread Sven Vermeulen
On Sun, Jul 10, 2011 at 04:49:15PM -0500, Matthew Thode wrote:
> #= puppet_t ==
> allow puppet_t initrc_notrans_exec_t:file execute;
> allow puppet_t self:capability dac_read_search;
These two I find a bit strange. When do you encounter the need for initrc_notrans_exec_t ex

[gentoo-hardened] selinux puppet update for 2.6.8

2011-07-10 Thread Matthew Thode
First, puppet and puppetmaster are both in /usr/bin, not /usr/sbin, anymore. And here is what I needed to add to the policy.
module puppetlocal 1.0;
require {
    type sendmail_exec_t;
    type puppet_t;
    type proc_net_t;
    type mount_exec_t;
    type portage_exec_t;