Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1127773 - Tracker: Upgrade foreman-selinux package
Summary: Tracker: Upgrade foreman-selinux package
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: SELinux
Version: 6.0.4
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: Unspecified
Assignee: Katello Bug Bin
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks: 1123381 1129094
TreeView+ depends on / blocked
 
Reported: 2014-08-07 14:15 UTC by Lukas Zapletal
Modified: 2014-09-02 15:47 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-09-02 14:10:23 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Lukas Zapletal 2014-08-07 14:15:42 UTC 
I am going to deliver SELinux policy fixes for both RHEL6 and RHEL7 in the upcoming weeks (snaps). I'd like to have this BZ as a tracker bug. Everytime I will need a foreman-selinux rebase, I will flip it to POST if you don't mind. I will always comment what the changes are (fixes only, no new features).

The first round for S5 will be:

https://github.com/theforeman/foreman-selinux/pull/26
Comment 2 Lukas Zapletal 2014-08-07 14:22:04 UTC 
And of course, if there are any bugs reported in BZ, I will attach it to this tracker bug and follow the normal procedure with it.
Comment 4 Lukas Zapletal 2014-08-11 07:04:02 UTC 
Rebased is needed for 1123381. Adding for the record here.
Comment 5 Lukas Zapletal 2014-08-11 13:47:11 UTC 
So for S6 we need a rebase to have this patch:

https://github.com/theforeman/foreman-selinux/pull/26

Please verify it's in once rebased, this one is important for QE. Thanks!
Comment 6 Lukas Zapletal 2014-08-12 09:27:44 UTC 
Jason - for 1123381 note the comment there - we need foreman-selinux.spec change (one line added, one line removed).
Comment 7 Lukas Zapletal 2014-08-12 18:52:19 UTC 
Jason, disregard bz number from the comment 6. This is what I was referring too:

https://bugzilla.redhat.com/show_bug.cgi?id=1129094#c4
Comment 10 Lukas Zapletal 2014-08-19 09:33:43 UTC 
Patches for selinux needed for S6:

https://bugzilla.redhat.com/show_bug.cgi?id=1131424

I will add one another today, proceed with the usual way:

- rebase foreman-selinux
- update foreman-selinux.spec

Thanks!
Comment 11 Lukas Zapletal 2014-08-19 18:04:17 UTC 
Thanks!
Comment 12 Lukas Zapletal 2014-08-27 15:36:23 UTC 
One internal-only change for Snap 7:

require {
        type load_policy_t;
}

#============= load_policy_t ==============
userdom_write_inherited_user_tmp_files(load_policy_t)

http://projects.theforeman.org/issues/7249#note-7

Note I have a list of all internal-only selinux changes in this upstream bug. My goal is to create a separate module that will only contain workarounds for upstream (Foreman with Katello). We can then drop our changes and use it. I want to hit the GA with this change.
Note You need to log in before you can comment on or make changes to this bug.