Bug 1174334

Summary: [TestOnly] SELinux prevents strongswan/starter from writing into /etc/strongswan directory
Product: [Fedora] Fedora EPEL Reporter: Jaroslav Aster <jaster>
Component: strongswanAssignee: Pavel Šimerda (pavlix) <psimerda>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: epel7CC: psimerda
Target Milestone: ---Keywords: SELinux, TestOnly
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1086382 Environment:
Last Closed: 2015-01-14 15:22:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1086382    
Bug Blocks:    

Description Jaroslav Aster 2014-12-15 16:25:27 UTC 
This bug is a TestOnly bug for numad component to cover functionality testing requirements introduced by changes in selinux-policy component related to bug 1086382. It is intended for QE purposes only. If you are a developer/maintainer be aware that this bug does not require any code changes/actions on your side. Your suggestions are more than welcome. Please DO NOT CLOSE this bug.

Problem Description:
The scenario described in bug 1086382 should be supported in selinux-policy-3.13.1-1.el7. If you encounter any problems during numad testing with this or newer SELinux policy please write your findings here.

SELinux How to Test instructions are available at:
 * https://wiki.test.redhat.com/BaseOs/Security/SelinuxTestOnlyBugs#SELinuxHowToTestInstructions.

More details about the SelinuxTestOnly process are available at:
 * https://wiki.test.redhat.com/BaseOs/Security/SelinuxTestOnlyBugs

If you have any questions about testing/verification in SELinux enabled environment please contact SELinux QE persons:
 * jaster / jaster at #qa, #brno
 * mmalik / mmalik at #qa, #brno
Comment 1 Jaroslav Aster 2014-12-15 16:32:11 UTC 
Comment above is wrong, s/numad/strongswan/.

This bug is a TestOnly bug for strongswan component to cover functionality testing requirements introduced by changes in selinux-policy component related to bug 1086382. It is intended for QE purposes only. If you are a developer/maintainer be aware that this bug does not require any code changes/actions on your side. Your suggestions are more than welcome. Please DO NOT CLOSE this bug.

Problem Description:
The scenario described in bug 1086382 should be supported in selinux-policy-3.13.1-1.el7. If you encounter any problems during strongswan testing with this or newer SELinux policy please write your findings here.

SELinux How to Test instructions are available at:
 * https://wiki.test.redhat.com/BaseOs/Security/SelinuxTestOnlyBugs#SELinuxHowToTestInstructions.

More details about the SelinuxTestOnly process are available at:
 * https://wiki.test.redhat.com/BaseOs/Security/SelinuxTestOnlyBugs

If you have any questions about testing/verification in SELinux enabled environment please contact SELinux QE persons:
 * jaster / jaster at #qa, #brno
 * mmalik / mmalik at #qa, #brno
Comment 2 Jaroslav Aster 2015-01-14 15:22:00 UTC 
I did simple scenario and there were no avcs, so this bug will be closed.