I am going to deliver SELinux policy fixes for both RHEL6 and RHEL7 in the upcoming weeks (snaps). I'd like to have this BZ as a tracker bug. Every time I need a foreman-selinux rebase, I will flip it to POST if you don't mind. I will always comment what the changes are (fixes only, no new features). The first round for S5 will be: https://github.com/theforeman/foreman-selinux/pull/26
And of course, if there are any bugs reported in BZ, I will attach them to this tracker bug and follow the normal procedure with them.
Rebase is needed for 1123381. Adding for the record here.
So for S6 we need a rebase to have this patch: https://github.com/theforeman/foreman-selinux/pull/26
Please verify it's in once rebased, this one is important for QE. Thanks!
Jason - for 1123381 note the comment there - we need a foreman-selinux.spec change (one line added, one line removed).
Jason, disregard the BZ number from comment 6. This is what I was referring to: https://bugzilla.redhat.com/show_bug.cgi?id=1129094#c4
Patches for selinux needed for S6: https://bugzilla.redhat.com/show_bug.cgi?id=1131424
I will add another one today, proceed in the usual way:
- rebase foreman-selinux
- update foreman-selinux.spec
Thanks!
Thanks!
One internal-only change for Snap 7:
    require {
        type load_policy_t;
    }
    #============= load_policy_t ==============
    userdom_write_inherited_user_tmp_files(load_policy_t)
http://projects.theforeman.org/issues/7249#note-7
Note I have a list of all internal-only selinux changes in this upstream bug. My goal is to create a separate module that will only contain workarounds for upstream (Foreman with Katello). We can then drop our changes and use it. I want to hit the GA with this change.