1038281 – Do not turn off selinux by default on the foreman server

Bug 1038281 - Do not turn off selinux by default on the foreman server

Summary: Do not turn off selinux by default on the foreman server

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-foreman-installer
Sub Component:
Version:	4.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	4.0
Assignee:	Jason Guiditta
QA Contact:	Omri Hochman
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-12-04 19:32 UTC by Crag Wolfe
Modified:	2016-04-26 14:40 UTC (History)
CC List:	7 users (show)
Fixed In Version:	openstack-foreman-installer-0.0.24-1.el6ost
Doc Type:	Bug Fix
Doc Text:	Previously, the foreman_server.sh script contained a command that explicitly disabled SELinux. This posed a security risk, as the command disabled SELinux even if the user had it enabled previously. This update removes the command that disables SELinux. As a result, Foreman now installs the appropriate policy if the user already has SELinux enabled.
Clone Of:
Environment:
Last Closed:	2013-12-20 00:41:08 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2013:1859	0	normal	SHIPPED_LIVE	Red Hat Enterprise Linux OpenStack Platform Enhancement Advisory	2013-12-21 00:01:48 UTC

Description Crag Wolfe 2013-12-04 19:32:24 UTC

Running the openstack foreman installer, foreman_server.sh, causes selinux to be turned off.  This should be removed.  Instead, the user should decide for themselves whether to run selinux and whether or not to install the foreman-selinux rpm (which is already in the RHOS channel).

Comment 2 Jason Guiditta 2013-12-05 21:24:48 UTC

Merged upstream

https://github.com/redhat-openstack/astapor/pull/70

Comment 6 Omri Hochman 2013-12-16 15:54:48 UTC

Verified with openstack-foreman-installer-0.0.25-1.el6ost.noarch
(Puddle 2013-12-12.1)

After foreman_server.sh installation the SELINUX is Enabled.

[root@foreman-server ~]# getenforce 
Enforcing

Comment 8 errata-xmlrpc 2013-12-20 00:41:08 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-1859.html

Note You need to log in before you can comment on or make changes to this bug.