Bug 1127773 - Tracker: Upgrade foreman-selinux package
Summary: Tracker: Upgrade foreman-selinux package
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: SELinux
Version: 6.0.4
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: high
Target Milestone: Unspecified
Assignee: Katello Bug Bin
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks: 1123381 1129094
Reported: 2014-08-07 14:15 UTC by Lukas Zapletal
Modified: 2014-09-02 15:47 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-09-02 14:10:23 UTC


Description Lukas Zapletal 2014-08-07 14:15:42 UTC
I am going to deliver SELinux policy fixes for both RHEL6 and RHEL7 in the upcoming weeks (snaps). I'd like to have this BZ as a tracker bug. Every time I need a foreman-selinux rebase, I will flip it to POST if you don't mind. I will always comment what the changes are (fixes only, no new features).

The first round for S5 will be:

https://github.com/theforeman/foreman-selinux/pull/26

Comment 2 Lukas Zapletal 2014-08-07 14:22:04 UTC
And of course, if there are any bugs reported in BZ, I will attach them to this tracker bug and follow the normal procedure with them.

Comment 4 Lukas Zapletal 2014-08-11 07:04:02 UTC
Rebase is needed for 1123381. Adding for the record here.

Comment 5 Lukas Zapletal 2014-08-11 13:47:11 UTC
So for S6 we need a rebase to have this patch:

https://github.com/theforeman/foreman-selinux/pull/26

Please verify it's in once rebased, this one is important for QE. Thanks!

Comment 6 Lukas Zapletal 2014-08-12 09:27:44 UTC
Jason - for 1123381 note the comment there - we need a foreman-selinux.spec change (one line added, one line removed).

Comment 7 Lukas Zapletal 2014-08-12 18:52:19 UTC
Jason, disregard the BZ number from comment 6. This is what I was referring to:

https://bugzilla.redhat.com/show_bug.cgi?id=1129094#c4

Comment 10 Lukas Zapletal 2014-08-19 09:33:43 UTC
Patches for selinux needed for S6:

https://bugzilla.redhat.com/show_bug.cgi?id=1131424

I will add another one today; proceed the usual way:

- rebase foreman-selinux
- update foreman-selinux.spec

Thanks!

Comment 11 Lukas Zapletal 2014-08-19 18:04:17 UTC
Thanks!

Comment 12 Lukas Zapletal 2014-08-27 15:36:23 UTC
One internal-only change for Snap 7:

require {
        type load_policy_t;
}

#============= load_policy_t ==============
userdom_write_inherited_user_tmp_files(load_policy_t)

http://projects.theforeman.org/issues/7249#note-7

Note I have a list of all internal-only selinux changes in this upstream bug. My goal is to create a separate module that will only contain workarounds for upstream (Foreman with Katello). We can then drop our changes and use it. I want to hit the GA with this change.
