From: Seth Vidal skvidal@fedoraproject.org
I think but am not positive that it is causing this log error:
restorecond: set context /var/db/shadow.db->system_u:object_r:shadow_t:s0 failed:'Permission denied'
due to fasClient running from cron at the same time as from puppet. --- modules/fas/manifests/init.pp | 9 --------- 1 files changed, 0 insertions(+), 9 deletions(-)
diff --git a/modules/fas/manifests/init.pp b/modules/fas/manifests/init.pp index f1eb7ac..64676bb 100644 --- a/modules/fas/manifests/init.pp +++ b/modules/fas/manifests/init.pp @@ -66,15 +66,6 @@ class fas::client { type => "user_home_dir_t", }
- exec { "make-accounts": - command => "/usr/bin/fasClient -e; /usr/bin/fasClient -i", - timeout => 90, - creates => "/var/db/shadow.db", - require => [ - File["/etc/fas.conf"], - Package["fas-clients"], - ], - } }
# May want to merge this into fas::client in the future if we want yubikey
From: Seth Vidal skvidal@fedoraproject.org
--- modules/audit/manifests/init.pp | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/modules/audit/manifests/init.pp b/modules/audit/manifests/init.pp index 049cbd8..30f19c7 100644 --- a/modules/audit/manifests/init.pp +++ b/modules/audit/manifests/init.pp @@ -15,14 +15,14 @@ class audit::auditd { ensure => directory, owner => 'root', group => 102095, - require => [Package['audit'], Exec['make-accounts']] + require => Package['audit'] }
file { '/etc/audit': ensure => directory, owner => 'root', group => 102095, - require => [Package['audit'], Exec['make-accounts']], + require => Package['audit'] }
file { '/etc/audit/audit.rules': @@ -38,7 +38,7 @@ class audit::auditd { mode => 640, owner => 'root', group => 'sysadmin-noc', - require => [Package['audit'], Exec['make-accounts']], + require => Package['audit'], notify => Service['auditd'], }
+1
+1
If this gets rid of the fas lock wrapper emails, and the selinux restorecond emails I am all for it. ;)
+1
kevin
infrastructure@lists.fedoraproject.org