Bug 1127773 - Tracker: Upgrade foreman-selinux package
Summary: Tracker: Upgrade foreman-selinux package
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: SELinux
Version: 6.0.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: Unspecified
Assignee: Katello Bug Bin
QA Contact: Katello QA List
Depends On:
Blocks: 1123381 1129094
TreeView+ depends on / blocked
Reported: 2014-08-07 14:15 UTC by Lukas Zapletal
Modified: 2014-09-02 15:47 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-09-02 14:10:23 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Lukas Zapletal 2014-08-07 14:15:42 UTC
I am going to deliver SELinux policy fixes for both RHEL6 and RHEL7 in the upcoming weeks (snaps). I'd like to have this BZ as a tracker bug. Everytime I will need a foreman-selinux rebase, I will flip it to POST if you don't mind. I will always comment what the changes are (fixes only, no new features).

The first round for S5 will be:


Comment 2 Lukas Zapletal 2014-08-07 14:22:04 UTC
And of course, if there are any bugs reported in BZ, I will attach it to this tracker bug and follow the normal procedure with it.

Comment 4 Lukas Zapletal 2014-08-11 07:04:02 UTC
Rebased is needed for 1123381. Adding for the record here.

Comment 5 Lukas Zapletal 2014-08-11 13:47:11 UTC
So for S6 we need a rebase to have this patch:


Please verify it's in once rebased, this one is important for QE. Thanks!

Comment 6 Lukas Zapletal 2014-08-12 09:27:44 UTC
Jason - for 1123381 note the comment there - we need foreman-selinux.spec change (one line added, one line removed).

Comment 7 Lukas Zapletal 2014-08-12 18:52:19 UTC
Jason, disregard bz number from the comment 6. This is what I was referring too:


Comment 10 Lukas Zapletal 2014-08-19 09:33:43 UTC
Patches for selinux needed for S6:


I will add one another today, proceed with the usual way:

- rebase foreman-selinux
- update foreman-selinux.spec


Comment 11 Lukas Zapletal 2014-08-19 18:04:17 UTC

Comment 12 Lukas Zapletal 2014-08-27 15:36:23 UTC
One internal-only change for Snap 7:

require {
        type load_policy_t;

#============= load_policy_t ==============


Note I have a list of all internal-only selinux changes in this upstream bug. My goal is to create a separate module that will only contain workarounds for upstream (Foreman with Katello). We can then drop our changes and use it. I want to hit the GA with this change.

Note You need to log in before you can comment on or make changes to this bug.