The SELinux permissions on alt environment rsync directories are getting reset


Resetting the SELinux context resets the permissions on rsync directories that are not under the simp environment.

This is caused by the SELinux module in simp-environment, which resets everything under /var/simp. The rsync SELinux module currently only sets contexts for paths under /var/simp/environments/simp/

It should be updated from:
to something like

Acceptance Criteria

cp -a /var/simp/environments/simp /var/simp/environments/newsimp

  1. Check the SELinux contexts in the new directory

restorecon -Rv /var/simp/environments/

# Should not remove the SELinux context from files under /var/simp/environments/newsimp/rsync (or simp/rsync)
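
The acceptance check above can be automated by scanning the restorecon output for relabels under any environment's rsync directory. This is an added example, not part of the original ticket or SIMP code; the function names rsync_relabels and sample_output are hypothetical, and the sample lines (including the rsync_data_t type) are constructed.

```shell
#!/bin/sh
# Added example (not SIMP project code): acceptance check for the ticket above.
# Reads `restorecon -Rv` output on stdin (or `restorecon -Rnv`, which only
# reports what would change) and lists every relabel of a path under
# /var/simp/environments/<env>/rsync. Returns 1 if any is found, else 0.
# Assumes paths contain no whitespace.
rsync_relabels() {
    awk '
        { path = ""; change = "" }
        # Older policycoreutils: restorecon reset <path> context <old>-><new>
        $1 == "restorecon" && $2 == "reset" && $4 == "context" {
            path = $3; change = $5
        }
        # Newer policycoreutils: Relabeled <path> from <old> to <new>
        $1 == "Relabeled" && $3 == "from" && $5 == "to" {
            path = $2; change = $4 "->" $6
        }
        # Match the rsync directory itself or anything below it, in any
        # environment; "rsyncd.conf" style siblings must not match.
        path ~ "^/var/simp/environments/[^/]+/rsync(/|$)" {
            print path, change; hits++
        }
        END { exit (hits > 0) }
    '
}

# Constructed sample output; rsync_data_t on the rsync paths is illustrative,
# the ticket does not name the type the rsync module assigns.
sample_output() {
    cat <<'EOF'
restorecon reset /var/simp/environments/newsimp/rsync/sample.txt context system_u:object_r:rsync_data_t:s0->system_u:object_r:var_t:s0
Relabeled /var/simp/environments/newsimp/rsync from system_u:object_r:rsync_data_t:s0 to system_u:object_r:var_t:s0
restorecon reset /var/simp/environments/newsimp/modules context system_u:object_r:var_t:s0->system_u:object_r:puppet_var_lib_t:s0
Relabeled /var/simp/environments/simp/rsyncd.conf from system_u:object_r:var_t:s0 to system_u:object_r:puppet_var_lib_t:s0
EOF
}

if sample_output | rsync_relabels; then
    echo "PASS: no rsync context was reset"
else
    echo "FAIL: rsync contexts were reset (listed above)"
fi
```

On a real host, pipe the restorecon command from the acceptance criteria into rsync_relabels instead of sample_output.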


Jeanne Greulich
October 26, 2017, 7:35 PM

1) puppet needs selinux context of puppet_var_lib_t to access modules and key in /var/simp
2) rsync contexts /var/simp/environment/*rsync should not be overwritten
3) simp-rsync only sets perms for simp environment
4) If you remove our settings the /var selinux context takes over and sets everything to var_t context.

These are all addressed by the new policy.

