This bug is a TestOnly bug for graphite-web component to cover functionality testing requirements introduced by changes in selinux-policy component related to bug #1148766. It is intended for QE purposes only. If you are a developer/maintainer be aware that this bug does not require any code changes/actions on your side. Your suggestions are more than welcome. Please DO NOT CLOSE this bug. Problem Description: The scenario described in bug #1148766 should be supported in selinux-policy-3.13.1-3.el7. If you encounter any problems during graphite-web testing with this or newer SELinux policy please write your findings here. SELinux How to Test instructions are available at: * https://wiki.test.redhat.com/BaseOs/Security/SelinuxTestOnlyBugs#SELinuxHowToTestInstructions. More details about the SelinuxTestOnly process are available at: * https://wiki.test.redhat.com/BaseOs/Security/SelinuxTestOnlyBugs If you have any questions about testing/verification in SELinux enabled environment please contact SELinux QE persons: * mzember / mzember at #qa, #brno * mmalik / mmalik at #qa, #brno
This is graphite-web in EPEL not graphite2 in RHEL
As this has moved to Fedora, may I kindly ask that someone (not necessarily QA) would test grephite-web with the new selinux-policy? Jonathan, do you have any suggestion?
Where can you find selinux-policy-3.13.1-3.el7 package to install and test? It appears latest in the repositories is still 3.12.x.
Created attachment 981634 [details] selinux policy RPM
Created attachment 981637 [details] selinux policy targeted RPM
Jamie, you are right, this is not clear, especially if you do not have access to brewweb.devel.redhat.com from the outside. I am attaching the packages. (I believe there is a better way to do this but I do not know it yet.) selinux-policy-3.13.1-16.el7 is definitely different than the *.fc* package for Fedora.
BTW they are also here: http://people.redhat.com/dwalsh/SELinux/RHEL7/noarch/ http://people.redhat.com/dwalsh/SELinux/RHEL6/noarch/
After the move of this bug from RHEL to Fedora, it was not open for public. Opening now. There are people who are interested in testing this. The testing is not necessary in order to ship the graphite-web-related parts in the selinux-policy package, but you may download it and do some testing if interested.
Tested this. graphite-web-0.9.12-8.el7.noarch works fine with selinux-policy-3.13.1-23.el7.noarch with selinux Enforcing. files in /var/lib/graphite-web/ have correct, httpd_sys_rw_content_t context.
Thank you, Piotr! Good to know that it works. I could not do it by myself.