Bug 1127773

Summary: Tracker: Upgrade foreman-selinux package
Product: Red Hat Satellite
Reporter: Lukas Zapletal <lzap>
Component: SELinux
Assignee: Katello Bug Bin <katello-bugs>
Status: CLOSED NOTABUG
QA Contact: Katello QA List <katello-qa-list>
Severity: high
Priority: unspecified
Version: 6.0.4
CC: bbuckingham, cwelton, jmontleo, sthirugn
Target Milestone: Unspecified
Keywords: Triaged
Target Release: Unused
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2014-09-02 14:10:23 UTC
Type: Bug
Bug Blocks: 1123381, 1129094

Description Lukas Zapletal 2014-08-07 14:15:42 UTC
I am going to deliver SELinux policy fixes for both RHEL6 and RHEL7 in the upcoming weeks (snaps). I'd like to have this BZ as a tracker bug. Every time I need a foreman-selinux rebase, I will flip it to POST if you don't mind. I will always comment what the changes are (fixes only, no new features).

The first round for S5 will be:

https://github.com/theforeman/foreman-selinux/pull/26

Comment 2 Lukas Zapletal 2014-08-07 14:22:04 UTC
And of course, if there are any bugs reported in BZ, I will attach it to this tracker bug and follow the normal procedure with it.

Comment 4 Lukas Zapletal 2014-08-11 07:04:02 UTC
Rebase is needed for 1123381. Adding for the record here.

Comment 5 Lukas Zapletal 2014-08-11 13:47:11 UTC
So for S6 we need a rebase to have this patch:

https://github.com/theforeman/foreman-selinux/pull/26

Please verify it's in once rebased, this one is important for QE. Thanks!

Comment 6 Lukas Zapletal 2014-08-12 09:27:44 UTC
Jason - for 1123381 note the comment there - we need foreman-selinux.spec change (one line added, one line removed).

Comment 7 Lukas Zapletal 2014-08-12 18:52:19 UTC
Jason, disregard the BZ number from comment 6. This is what I was referring to:

https://bugzilla.redhat.com/show_bug.cgi?id=1129094#c4

Comment 10 Lukas Zapletal 2014-08-19 09:33:43 UTC
Patches for selinux needed for S6:

https://bugzilla.redhat.com/show_bug.cgi?id=1131424

I will add another one today, proceed in the usual way:

- rebase foreman-selinux
- update foreman-selinux.spec

Thanks!

Comment 11 Lukas Zapletal 2014-08-19 18:04:17 UTC
Thanks!

Comment 12 Lukas Zapletal 2014-08-27 15:36:23 UTC
One internal-only change for Snap 7:

require {
        type load_policy_t;
}

#============= load_policy_t ==============
userdom_write_inherited_user_tmp_files(load_policy_t)

http://projects.theforeman.org/issues/7249#note-7

Note I have a list of all internal-only selinux changes in this upstream bug. My goal is to create a separate module that will only contain workarounds for upstream (Foreman with Katello). We can then drop our changes and use it. I want to hit the GA with this change.