MODULES-8413

firewall : SELinux context of /etc/sysconfig/iptables gets set back and forth

    Details

    • Type: Bug
    • Status: Reopened
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Labels: None
    • QA Risk Assessment: Needs Assessment

      Description

      Basic Info
      Module Version: 1.14.0
      Puppet Version: 6.1.0
      OS Name/Version: CentOS 7

      Puppet agent exits 2 after each run with the firewall module having `purge => true`, because it sets the seluser for /etc/sysconfig/iptables back and forth.

      Desired Behavior: Exits without making changes

      Actual Behavior: Exits 2 because changes were made

      `while true; do date >> 1.txt;stat /etc/sysconfig/ip6tables|grep Context >> 1.txt; done & puppet agent -t`, then removed duplicate lines:

      Fri Dec 28 10:30:01 MST 2018
      Context: system_u:object_r:system_conf_t:s0
      Fri Dec 28 10:30:08 MST 2018
      Context: unconfined_u:object_r:etc_t:s0
      Fri Dec 28 10:30:08 MST 2018
      Context: unconfined_u:object_r:system_conf_t:s0
      Fri Dec 28 10:30:08 MST 2018
      Context: unconfined_u:object_r:etc_t:s0
      Fri Dec 28 10:30:08 MST 2018
      Context: unconfined_u:object_r:system_conf_t:s0
      Fri Dec 28 10:30:09 MST 2018
      Context: unconfined_u:object_r:etc_t:s0
      Fri Dec 28 10:30:09 MST 2018
      Context: unconfined_u:object_r:system_conf_t:s0
      Fri Dec 28 10:30:09 MST 2018
      Context: unconfined_u:object_r:etc_t:s0
      Fri Dec 28 10:30:09 MST 2018
      Context: unconfined_u:object_r:system_conf_t:s0
      Fri Dec 28 10:30:09 MST 2018
      Context: unconfined_u:object_r:system_conf_t:s0
      Fri Dec 28 10:30:09 MST 2018
      Context: system_u:object_r:system_conf_t:s0

      puppet agent -t:

      Info: Using configured environment 'production'
      Info: Retrieving pluginfacts
      Info: Retrieving plugin
      Info: Retrieving locales
      Info: Loading facts
      Info: Caching catalog for [fqdn]
      Info: Applying configuration version '1546019507'
      Notice: /Stage[main]/Main/Firewall[9001 2c3b855ee5ef4043e1a04ce9c8f1c7eb]/ensure: ensured absent
      Notice: /Stage[main]/Main/Firewall[9002 7686fdf971b558f5ebfca49abfeafa8e]/ensure: ensured absent
      Notice: /Stage[main]/Main/Firewall[9003 72afb5edd89247542f6ba0df981e6695]/ensure: ensured absent
      Notice: /Stage[main]/Main/Firewall[9004 2872497b8d21b09e7ef1fc8f629474c8]/ensure: ensured absent
      Notice: /Stage[main]/Firewall::Linux::Redhat/File[/etc/sysconfig/ip6tables]/seluser: seluser changed 'unconfined_u' to 'system_u'
      Notice: Applied catalog in 2.61 seconds

      People

      • Assignee: Unassigned
      • Reporter: virtualdxs Duncan X Simpson
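
An added example, not part of the original report or of the firewall module: Python that parses a `date`/`stat` sampling log like the one in the description and lists which SELinux context fields changed between consecutive samples. The function names are hypothetical, and the embedded log is an excerpt (first three and last two samples) of the output quoted in the report.

```python
from collections import Counter

FIELDS = ("user", "role", "type", "level")

# Excerpt of the sampling log quoted in the report (first three and last two samples).
SAMPLE_LOG = """\
Fri Dec 28 10:30:01 MST 2018
Context: system_u:object_r:system_conf_t:s0
Fri Dec 28 10:30:08 MST 2018
Context: unconfined_u:object_r:etc_t:s0
Fri Dec 28 10:30:08 MST 2018
Context: unconfined_u:object_r:system_conf_t:s0
Fri Dec 28 10:30:09 MST 2018
Context: unconfined_u:object_r:system_conf_t:s0
Fri Dec 28 10:30:09 MST 2018
Context: system_u:object_r:system_conf_t:s0
"""

def parse_samples(log):
    """Pair each `date` line with the `Context:` line that follows it."""
    samples, stamp = [], None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("Context:"):
            # An MLS level can itself contain ':' (e.g. s0-s0:c0.c1023), so split 3 times only.
            parts = line[len("Context:"):].strip().split(":", 3)
            if len(parts) == 4:
                samples.append((stamp, dict(zip(FIELDS, parts))))
        elif line:
            stamp = line
    return samples

def transitions(samples):
    """Return (timestamp, field, old, new) for every field that changed between samples."""
    out = []
    for (_, prev), (stamp, cur) in zip(samples, samples[1:]):
        out += [(stamp, f, prev[f], cur[f]) for f in FIELDS if prev[f] != cur[f]]
    return out

def flap_counts(changes):
    """Count changes per field; a field that changes and later changes back is flapping."""
    return Counter(field for _, field, _, _ in changes)

if __name__ == "__main__":
    changes = transitions(parse_samples(SAMPLE_LOG))
    for stamp, field, old, new in changes:
        print(f"{stamp}  {field}: {old} -> {new}")
    print(dict(flap_counts(changes)))
```

Run against the full `1.txt`, the per-field counts separate the `type` flips (`etc_t` and `system_conf_t`) from the `user` flips (`unconfined_u` and `system_u`) seen during the agent run.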