Hmmm, I’m actually using the CentOS 6.6 bento box. It looks like
SELinux is supposed to be permissive?
I just tried with a simple Vagrantfile:
Vagrant.configure(“2”) do |config|
config.vm.box = "opscode-centos-6.6"
config.vm.box_url = "
Is this what I’m supposed to be seeing with that box?
[vagrant@localhost ~] getenforce
[vagrant@localhost ~] cat /etc/selinux/config
This file controls the state of SELinux on the system.
SELINUX= can take one of these three values:
enforcing - SELinux security policy is enforced.
permissive - SELinux prints warnings instead of enforcing.
disabled - No SELinux policy is loaded.
SELINUXTYPE= can take one of these two values:
targeted - Targeted processes are protected,
mls - Multi Level Security protection.
On Wed, Jan 14, 2015 at 7:52 PM, Julian C. Dunn firstname.lastname@example.org wrote:
On Wed, Jan 14, 2015 at 6:38 PM, Greg Barker email@example.com
What’s the appropriate way to handle SELinux configuration for a
or .kitchen.yml that ships with a community cookbook?
I updated the nexus cookbook to use a new base box in the Vagrantfile and
now it will fail if you have recipe[nginx] on the run list, because the
base box has SELinux enabled.
Is there a way to require the selinux cookbook as a dependency but only
Vagrant & Test Kitchen? I was thinking of using that to just disable
but I wouldn’t want it to be a mandatory dependency for everyone.
My personal opinion (as one of the maintainers of the bento project)
is to just use baseboxes that have SELinux in a permissive state
(enabled but not enforcing). That gives the greatest flexibility
[ Julian C. Dunn firstname.lastname@example.org * Sorry, I’m ]
[ WWW: http://www.aquezada.com/staff/julian * only Web 1.0 ]
[ gopher://sdf.org/1/users/keymaker/ * compliant! ]
[ PGP: 91B3 7A9D 683C 7C16 715F 442C 6065 D533 FDC2 05B9 ]