Bug 1134737

Summary: Improve SELinux sosreport/foreman-debug
Product: Red Hat Satellite Reporter: Lukas Zapletal <lzap>
Component: PackagingAssignee: Lukas Zapletal <lzap>
Status: CLOSED ERRATA QA Contact: Elyézer Rezende <erezende>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.0.4CC: bbuckingham, cwelton, dcleal, erezende
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
URL: http://projects.theforeman.org/issues/7098
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-08-12 05:15:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lukas Zapletal 2014-08-28 08:23:16 UTC 
We already added some information to foreman-debug (grep AVC and audit2allow).

Unfortunately when selinux interfaces are not installed and generated, -R option can fail:

COMMAND> audit2allow -R < /var/log/audit/audit.log

could not open interface info [/var/lib/sepolgen/interface_info]

I am going to fix this and add few more selinux related information to the tarball.

PM: Please ack this for 6.0.4, I need this to improve SELinux bug reports. I am missing some important bits. Thanks.
Comment 1 Lukas Zapletal 2014-08-28 08:24:10 UTC 
Upstream patch is pending: http://projects.theforeman.org/issues/7098

https://github.com/theforeman/foreman/pull/1691

Please review.
Comment 5 Bryan Kearney 2014-10-06 10:06:50 UTC 
Moving to POST since upstream bug http://projects.theforeman.org/issues/7098 has been closed
-------------
Lukas Zapletal
Applied in changeset commit:80cc99f4b0d0af0afdba8def1256b37c4862430f.
Comment 6 Lukas Zapletal 2015-02-03 12:44:43 UTC 
Jason, this bug was initially filed on SELinux component, but it was an improvement in our foreman-debug script. Changed the component to Packaging, this needs to be cherry-picked.

For SELinux bugs (policy) I am providing the pull requests directly to you. But this is different one. Thanks.
Comment 11 Bryan Kearney 2015-02-18 01:46:50 UTC 
Upstream bug assigned to lzap
Comment 12 Elyézer Rezende 2015-03-09 16:18:06 UTC 
Verified on: Satellite-6.1.0-RHEL-7-20150303.0

Steps do verify:

[root@sat6 ~]# mkdir debug
[root@sat6 ~]# foreman-debug -d debug/
[root@sat6 ~]# ls -l debug/ | grep selinux
-rw-r--r--.  1 root root     76 Mar  9 12:10 selinux_audit2allow
-rw-r--r--.  1 root root  23308 Mar  9 12:10 selinux_booleans
-rw-r--r--.  1 root root   3129 Mar  9 12:10 selinux_denials.log
-rw-r--r--.  1 root root 627974 Mar  9 12:10 selinux_fcontext
-rw-r--r--.  1 root root   3106 Mar  9 12:10 selinux_first_denials.log
-rw-r--r--.  1 root root   5935 Mar  9 12:10 selinux_modules

Also checked the contents of each file.
Comment 13 Bryan Kearney 2015-08-11 13:32:46 UTC 
This bug is slated to be released with Satellite 6.1.
Comment 14 errata-xmlrpc 2015-08-12 05:15:27 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2015:1592