Bug 805127

Summary: CFSE installation is missing Candlepin SELinux policy
Product: Red Hat Satellite Reporter: Lukas Zapletal <lzap>
Component: Subscription ManagementAssignee: Miroslav Suchý <msuchy>
Status: CLOSED CURRENTRELEASE QA Contact: Og Maciel <omaciel>
Severity: low Docs Contact:
Priority: unspecified    
Version: 6.0.0CC: cpelland, gkhachik, mmccune, msuchy, omaciel
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-07-02 14:08:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Lukas Zapletal 2012-03-20 15:17:45 UTC 
Description of problem:

After I installed CFSE BETA5, I dont see any selinux candlepin package and there is no selinux module. Tomcat (Candlepin) is running in unconfined mode:

unconfined_u:system_r:unconfined_java_t:s0 tomcat 4238 1.3 18.7 2716184 262644 ? Sl 15:50   0:20 /usr/lib/jvm/jre/bin/java

# rpm -qa | grep selinux
selinux-policy-3.7.19-126.el6.noarch
pulp-selinux-server-1.0.0-4.el6.noarch
libselinux-python-2.0.94-5.2.el6.x86_64
libselinux-utils-2.0.94-5.2.el6.x86_64
selinux-policy-targeted-3.7.19-126.el6.noarch
libselinux-ruby-2.0.94-5.2.el6.x86_64
katello-selinux-0.1.8-1.el6.noarch
libselinux-2.0.94-5.2.el6.x86_64

# semodule -l | grep candlepin
(nothing)

Expected results:

candlepin-selinux package installed and selinux module enabled
Comment 1 Lukas Zapletal 2012-03-20 15:23:56 UTC 
Workaround:

yum -y install candlepin-selinux

Part of this bug/task:

- make sure katello-all installs this package
- do some testing of katello and candlepin running in confined mode
- no denails should be there prior commiting the change
Comment 6 Lukas Zapletal 2012-05-21 14:52:06 UTC 
Ok setting low prio, Candlepin is a java app, runs unconfined.
Comment 7 Lukas Zapletal 2012-08-22 07:45:33 UTC 
https://github.com/Katello/katello/pull/498
Comment 8 Miroslav Suchý 2012-08-22 08:02:51 UTC 
Fixed in commit 7ac95d4.
Comment 9 Og Maciel 2013-02-01 20:33:57 UTC 
* CFSE 1.1.1 ships candlepin-selinux-0.7.8.1-1.el6cf.noarch
* CFSE 1.1.2 will ship candlepin-selinux-0.7.19-3.el6cf.noarch
* SAM does not seem to ship it. Will file a BZ.
Comment 10 Bryan Kearney 2014-07-02 14:08:43 UTC 
This was delivered with 6.0.3, which is the Satellite 6 Beta.