Bug 1026374
Summary: | Add a custom luci launcher allowing sane Python runtime + SELinux coexistence | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Jan Pokorný [poki] <jpokorny> |
Component: | luci | Assignee: | Jan Pokorný [poki] <jpokorny> |
Status: | CLOSED ERRATA | QA Contact: | Cluster QE <mspqa-list> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.4 | CC: | cluster-maint, dwalsh, fdinitto, jpokorny, lvrabec, rmccabe, rsteiger |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | luci-0.26.0-60.el6 | Doc Type: | Bug Fix |
Doc Text: |
[best if re-reviewed by someone with SELinux expertise]
Cause:
It was found that with restructuring the way how luci is started out
(in its rebase) between RHEL 6.2 and RHEL 6.3, selinux-policy package
was not made aware of these changes resulting in luci process
ceasing to be perceived as SELinux confined "piranha_web_t" type.
Consequence:
In order to coexist with SELinux in an expected way while retaining
properties of new luci start procedure, new top-level script is required.
Fix:
Such script is added accompanied with a correct label by updated
selinux-policy package (BZ#1023202).
Result:
Running luci process is of "piranha_web_t" type from SELinux perspective
again as per the expectations.
|
Story Points: | --- |
Clone Of: | 1023202 | Environment: | |
Last Closed: | 2014-10-14 04:13:03 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1023202 |
Description
Jan Pokorný [poki]
2013-11-04 14:20:00 UTC
Jan, We need helper script for luci, to fix this issue as Miroslav wrote above. Lukáši, please see [bug 1023202 comment 8]. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2014-1390.html |