Back to bug 1026374
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Jan Pokorný [poki] | 2013-11-04 14:22:52 UTC | Blocks | 1023202 | |
| Depends On | 1023202 | |||
| Jan Pokorný [poki] | 2013-11-27 18:38:40 UTC | Priority | unspecified | medium |
| | | Status | NEW | ASSIGNED |
| | | Assignee | rmccabe | jpokorny |
| | | Severity | unspecified | medium |
| Lukas Vrabec | 2014-07-15 09:25:57 UTC | CC | jpokorny, lvrabec | |
| Flags | needinfo?(jpokorny) | |||
| Fabio Massimo Di Nitto | 2014-08-04 12:16:56 UTC | CC | fdinitto | |
| Jan Pokorný [poki] | 2014-08-04 12:22:16 UTC | Flags | needinfo?(jpokorny) | |
| Jan Pokorný [poki] | 2014-08-04 12:45:21 UTC | Status | ASSIGNED | POST |
| | | Summary | luci: started python process has "unconfined_u:system_r:initrc_t:s0" label | Add a custom luci launcher allowing sane Python runtime + SELinux coexistence |
| Jan Pokorný [poki] | 2014-08-06 14:37:36 UTC | Status | POST | MODIFIED |
| Fixed In Version | luci-0.26.0-57.el6 | |||
| errata-xmlrpc | 2014-08-06 14:48:29 UTC | Status | MODIFIED | ON_QA |
| Jan Pokorný [poki] | 2014-08-11 20:18:10 UTC | Flags | needinfo?(rsteiger) | |
| Radek Steiger | 2014-08-12 12:15:25 UTC | Flags | needinfo?(rsteiger) | |
| Jan Pokorný [poki] | 2014-08-12 14:03:34 UTC | Status | ON_QA | MODIFIED |
| | | Fixed In Version | luci-0.26.0-57.el6 | luci-0.26.0-60.el6 |
| Jan Pokorný [poki] | 2014-08-12 14:17:24 UTC | Status | MODIFIED | ON_QA |
| Jan Pokorný [poki] | 2014-08-12 16:57:22 UTC | Doc Text | [to be reviewed by someone with SELinux expertise] Cause: It was found that with restructuring the way how luci is started out (in its rebase) between RHEL 6.2 and RHEL 6.3, selinux-policy package was not made aware of these changes resulting in luci process running with "unconfined_u:system_r:initrc_t:s0" context instead of more restrictive "unconfined_u:system_r:piranha_web_t:s0" as before. Consequence: In order to coexist with SELinux in an expected way while retaining properties of new luci start procedure, new top-level script is required. Fix: Such script is added accompanied with a correct label by updated selinux-policy package (BZ#1023202). Result: Luci process now runs in "unconfined_u:system_r:piranha_web_t:s0" context as expected. |
| Radek Steiger | 2014-08-13 06:49:47 UTC | Status | ON_QA | VERIFIED |
| Jan Pokorný [poki] | 2014-08-18 20:57:41 UTC | Doc Text | [to be reviewed by someone with SELinux expertise] Cause: It was found that with restructuring the way how luci is started out (in its rebase) between RHEL 6.2 and RHEL 6.3, selinux-policy package was not made aware of these changes resulting in luci process running with "unconfined_u:system_r:initrc_t:s0" context instead of more restrictive "unconfined_u:system_r:piranha_web_t:s0" as before. Consequence: In order to coexist with SELinux in an expected way while retaining properties of new luci start procedure, new top-level script is required. Fix: Such script is added accompanied with a correct label by updated selinux-policy package (BZ#1023202). Result: Luci process now runs in "unconfined_u:system_r:piranha_web_t:s0" context as expected. | [best if re-reviewed by someone with SELinux expertise] Cause: It was found that with restructuring the way how luci is started out (in its rebase) between RHEL 6.2 and RHEL 6.3, selinux-policy package was not made aware of these changes resulting in luci process ceasing to be perceived as SELinux confined "piranha_web_t" type. Consequence: In order to coexist with SELinux in an expected way while retaining properties of new luci start procedure, new top-level script is required. Fix: Such script is added accompanied with a correct label by updated selinux-policy package (BZ#1023202). Result: Running luci process is of "piranha_web_t" type from SELinux perspective again as per the expectations. |
| errata-xmlrpc | 2014-10-14 00:00:59 UTC | Status | VERIFIED | RELEASE_PENDING |
| errata-xmlrpc | 2014-10-14 04:13:03 UTC | Status | RELEASE_PENDING | CLOSED |
| | | Resolution | --- | ERRATA |
| Last Closed | 2014-10-14 00:13:03 UTC |