I am going to deliver SELinux policy fixes for both RHEL6 and RHEL7 in the upcoming weeks (snaps). I'd like to have this BZ as a tracker bug. Everytime I will need a foreman-selinux rebase, I will flip it to POST if you don't mind. I will always comment what the changes are (fixes only, no new features).
The first round for S5 will be:
And of course, if there are any bugs reported in BZ, I will attach it to this tracker bug and follow the normal procedure with it.
Rebased is needed for 1123381. Adding for the record here.
So for S6 we need a rebase to have this patch:
Please verify it's in once rebased, this one is important for QE. Thanks!
Jason - for 1123381 note the comment there - we need foreman-selinux.spec change (one line added, one line removed).
Jason, disregard bz number from the comment 6. This is what I was referring too:
Patches for selinux needed for S6:
I will add one another today, proceed with the usual way:
- rebase foreman-selinux
- update foreman-selinux.spec
One internal-only change for Snap 7:
#============= load_policy_t ==============
Note I have a list of all internal-only selinux changes in this upstream bug. My goal is to create a separate module that will only contain workarounds for upstream (Foreman with Katello). We can then drop our changes and use it. I want to hit the GA with this change.