Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1127773

Summary: Tracker: Upgrade foreman-selinux package
Product: Red Hat Satellite Reporter: Lukas Zapletal <lzap>
Component: SELinuxAssignee: Katello Bug Bin <katello-bugs>
Status: CLOSED NOTABUG QA Contact: Katello QA List <katello-qa-list>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.0.4CC: bbuckingham, cwelton, jmontleo, sthirugn
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-09-02 14:10:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1123381, 1129094    

Description Lukas Zapletal 2014-08-07 14:15:42 UTC 
I am going to deliver SELinux policy fixes for both RHEL6 and RHEL7 in the upcoming weeks (snaps). I'd like to have this BZ as a tracker bug. Everytime I will need a foreman-selinux rebase, I will flip it to POST if you don't mind. I will always comment what the changes are (fixes only, no new features).

The first round for S5 will be:

https://github.com/theforeman/foreman-selinux/pull/26
Comment 2 Lukas Zapletal 2014-08-07 14:22:04 UTC 
And of course, if there are any bugs reported in BZ, I will attach it to this tracker bug and follow the normal procedure with it.
Comment 4 Lukas Zapletal 2014-08-11 07:04:02 UTC 
Rebased is needed for 1123381. Adding for the record here.
Comment 5 Lukas Zapletal 2014-08-11 13:47:11 UTC 
So for S6 we need a rebase to have this patch:

https://github.com/theforeman/foreman-selinux/pull/26

Please verify it's in once rebased, this one is important for QE. Thanks!
Comment 6 Lukas Zapletal 2014-08-12 09:27:44 UTC 
Jason - for 1123381 note the comment there - we need foreman-selinux.spec change (one line added, one line removed).
Comment 7 Lukas Zapletal 2014-08-12 18:52:19 UTC 
Jason, disregard bz number from the comment 6. This is what I was referring too:

https://bugzilla.redhat.com/show_bug.cgi?id=1129094#c4
Comment 10 Lukas Zapletal 2014-08-19 09:33:43 UTC 
Patches for selinux needed for S6:

https://bugzilla.redhat.com/show_bug.cgi?id=1131424

I will add one another today, proceed with the usual way:

- rebase foreman-selinux
- update foreman-selinux.spec

Thanks!
Comment 11 Lukas Zapletal 2014-08-19 18:04:17 UTC 
Thanks!
Comment 12 Lukas Zapletal 2014-08-27 15:36:23 UTC 
One internal-only change for Snap 7:

require {
        type load_policy_t;
}

#============= load_policy_t ==============
userdom_write_inherited_user_tmp_files(load_policy_t)

http://projects.theforeman.org/issues/7249#note-7

Note I have a list of all internal-only selinux changes in this upstream bug. My goal is to create a separate module that will only contain workarounds for upstream (Foreman with Katello). We can then drop our changes and use it. I want to hit the GA with this change.