Bug 1127773

Summary: Tracker: Upgrade foreman-selinux package
Product: Red Hat Satellite Reporter: Lukas Zapletal <lzap>
Component: SELinuxAssignee: Katello Bug Bin <katello-bugs>
Status: CLOSED NOTABUG QA Contact: Katello QA List <katello-qa-list>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.0.4CC: bbuckingham, cwelton, jmontleo, sthirugn
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-09-02 14:10:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1123381, 1129094    

Description Lukas Zapletal 2014-08-07 14:15:42 UTC
I am going to deliver SELinux policy fixes for both RHEL6 and RHEL7 in the upcoming weeks (snaps). I'd like to have this BZ as a tracker bug. Everytime I will need a foreman-selinux rebase, I will flip it to POST if you don't mind. I will always comment what the changes are (fixes only, no new features).

The first round for S5 will be:


Comment 2 Lukas Zapletal 2014-08-07 14:22:04 UTC
And of course, if there are any bugs reported in BZ, I will attach it to this tracker bug and follow the normal procedure with it.

Comment 4 Lukas Zapletal 2014-08-11 07:04:02 UTC
Rebased is needed for 1123381. Adding for the record here.

Comment 5 Lukas Zapletal 2014-08-11 13:47:11 UTC
So for S6 we need a rebase to have this patch:


Please verify it's in once rebased, this one is important for QE. Thanks!

Comment 6 Lukas Zapletal 2014-08-12 09:27:44 UTC
Jason - for 1123381 note the comment there - we need foreman-selinux.spec change (one line added, one line removed).

Comment 7 Lukas Zapletal 2014-08-12 18:52:19 UTC
Jason, disregard bz number from the comment 6. This is what I was referring too:


Comment 10 Lukas Zapletal 2014-08-19 09:33:43 UTC
Patches for selinux needed for S6:


I will add one another today, proceed with the usual way:

- rebase foreman-selinux
- update foreman-selinux.spec


Comment 11 Lukas Zapletal 2014-08-19 18:04:17 UTC

Comment 12 Lukas Zapletal 2014-08-27 15:36:23 UTC
One internal-only change for Snap 7:

require {
        type load_policy_t;

#============= load_policy_t ==============


Note I have a list of all internal-only selinux changes in this upstream bug. My goal is to create a separate module that will only contain workarounds for upstream (Foreman with Katello). We can then drop our changes and use it. I want to hit the GA with this change.