Bug 1427986

Summary: Problem with fence agents - selinux denial
Product: Red Hat Enterprise Linux 7 Reporter: Marek Grac <mgrac>
Component: fence-agentsAssignee: Marek Grac <mgrac>
Status: CLOSED ERRATA QA Contact: cluster-qe <cluster-qe>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.4CC: cfeist, cluster-maint, cluster-qe, dlavu, jpokorny, jstodola, mjuricek, mkelly, rbalakri, tlavigne, tojeline
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: fence-agents-4.0.11-63.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1261711 Environment:
Last Closed: 2017-08-01 16:10:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1261711    
Bug Blocks: 1392968    

Comment 2 Marek Grac 2017-03-01 16:22:13 UTC 
SELinux team advises that we should set SELinux booleans in the post-install script. 

We did not discuss which package should do it. So we will do it in each individual subpackage for RHEL7.
Comment 3 Marek Grac 2017-03-22 18:46:07 UTC 
Finally, implementation is part of the fence-agents-common that is required in all of the cases.
Comment 5 Jan Pokorný [poki] 2017-05-11 11:23:03 UTC 
re [comment 3]:

No, it's currently not, try this ;)

diff --git a/fence-agents.spec b/fence-agents.spec
index fcf2b39..f80601e 100644
--- a/fence-agents.spec
+++ b/fence-agents.spec
@@ -308,7 +308,7 @@ Summary: Common utilities for fence agents
 Requires: python pexpect python-pycurl
 %description common
 Red Hat Fence Agents is a collection of scripts and libraries to handle remote power management for various devices.
-%post
+%post comon
 /sbin/setsebool -P fenced_can_ssh=1 fenced_can_network_connect=1
 %files common
 %defattr(-,root,root,-)
Comment 6 Jan Pokorný [poki] 2017-05-11 11:26:48 UTC 
s/comon/common/ (indeed)
Comment 13 errata-xmlrpc 2017-08-01 16:10:32 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1874