>
> Maybe it's just a knee-jerk reaction, but I'm having trouble with the idea
> that relying on data from the environment could possibly serve a valid
> system security objective. That's more usually considered a weakness, and
> environment-based exploits are legion.
>
> Do the contexts used need
On Thursday, March 26, 2015 at 2:25:38 PM UTC-5, Melissa Stone wrote:
>
> The current pull request uses the following environment variables:
>
> - NO_PUPPET_SELINUX_DTRANS
> - PUPPET_SELINUX_MASTER_DOMAIN
> - PUPPET_SELINUX_CA_DOMAIN
>
>
Maybe it's just a knee-jerk reaction, but I'm ha
>
> [snip]
> >
> > Environment variables vs configuration via a file
> >
> > Dominic Cleal indicated that we should change the SELinux context before
> > we read any configuration files, which makes us need an alternate method
> > of configuring SELinux, which the reason of running unconfined
>
> Just out of curiosity, are you going to double wrap this in a Java
> Security Policy for those systems that don't have SELinux?
>
AFAIK JSP and SELinux are two different technologies with different goals.
JSP can't protect you from security bugs in JVM and the granularity is much
lower than sy
Just out of curiosity, are you going to double wrap this in a Java Security
Policy for those systems that don't have SELinux?
Thanks,
Trevor
On Fri, Mar 27, 2015 at 5:49 AM, Dominic Cleal wrote:
> On 26/03/15 19:25, Melissa Stone wrote:
> > Hi all,
> >
> > I just wanted to point out that Adrie
On 26/03/15 19:25, Melissa Stone wrote:
> Hi all,
>
> I just wanted to point out that Adrien brought up some interesting
> comments in the ticket for this discussion. So that response gets more
> exposure, I wanted to post it here:
>
> From Adrien Thebo:
>
> I've reviewed PR 3627 and the puppet-
Hi all,
I just wanted to point out that Adrien brought up some interesting comments
in the ticket for this discussion. So that response gets more exposure, I
wanted to post it here:
From Adrien Thebo:
I've reviewed PR 3627 and the puppet-dev mailing list thread, and I think
that this issue c
Hello,
I filed a pull request with draft code which is aligned with what Dominic
proposed:
https://github.com/puppetlabs/puppet/pull/2997
It does not introduce any new global command line parameters because I
think it's an overkill. There are three env. variables which can be used to
tune t