Bug 1038281 - Do not turn off selinux by default on the foreman server
Summary: Do not turn off selinux by default on the foreman server
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-foreman-installer
Version: 4.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: 4.0
Assignee: Jason Guiditta
QA Contact: Omri Hochman
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-12-04 19:32 UTC by Crag Wolfe
Modified: 2016-04-26 14:40 UTC (History)
7 users (show)

Fixed In Version: openstack-foreman-installer-0.0.24-1.el6ost
Doc Type: Bug Fix
Doc Text:
Previously, the foreman_server.sh script contained a command that explicitly disabled SELinux. This posed a security risk, as the command disabled SELinux even if the user had it enabled previously. This update removes the command that disables SELinux. As a result, Foreman now installs the appropriate policy if the user already has SELinux enabled.
Clone Of:
Environment:
Last Closed: 2013-12-20 00:41:08 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2013:1859 0 normal SHIPPED_LIVE Red Hat Enterprise Linux OpenStack Platform Enhancement Advisory 2013-12-21 00:01:48 UTC

Description Crag Wolfe 2013-12-04 19:32:24 UTC
Running the openstack foreman installer, foreman_server.sh, causes selinux to be turned off.  This should be removed.  Instead, the user should decide for themselves whether to run selinux and whether or not to install the foreman-selinux rpm (which is already in the RHOS channel).

Comment 2 Jason Guiditta 2013-12-05 21:24:48 UTC
Merged upstream

https://github.com/redhat-openstack/astapor/pull/70

Comment 6 Omri Hochman 2013-12-16 15:54:48 UTC
Verified with openstack-foreman-installer-0.0.25-1.el6ost.noarch
(Puddle 2013-12-12.1)

After foreman_server.sh installation the SELINUX is Enabled.

[root@foreman-server ~]# getenforce 
Enforcing

Comment 8 errata-xmlrpc 2013-12-20 00:41:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-1859.html


Note You need to log in before you can comment on or make changes to this bug.