nagios-server-addons should have a dependency on selinux packages in RHEL-7.1 Version-Release number of selected component (if applicable): samba-vfs-glusterfs-4.1.17-7.el6rhs.x86_64 The packages that Milos mentions [1] as possible candidates for dependent packages list are + policycoreutils package because it brings the setsebool command + libselinux-utils package because it brings the getsebool command + selinux-policy-targeted or selinux-policy-base (virtual package) because it brings the policy where booleans are defined and stored If the semanage command is to be used, I would add to the list + policycoreutils-python package because it brings the semanage command It is also interesting to note that the policycoreutils-python package depends on the policycoreutils package, which further depends on the libselinux-utils package And the selinux-policy-targeted package dependency must have a minimal version restriction for that version which has all the SELinux policy rules for RHGS 3.1. See the following BZ's for more details regarding this decision: https://bugzilla.redhat.com/show_bug.cgi?id=1238055 https://bugzilla.redhat.com/show_bug.cgi?id=1237065 The only available and latest SELinux RHEL-7.1 build is: https://brewweb.devel.redhat.com/buildinfo?buildID=441837 However, I'm not very sure if this can be considered as the right candidate for setting the above required dependency as it doesn't seems to have all the fixes backported. So either we should wait for a build which has all the fixes backported or get a confirmation from the SELinux team to go with this build. Miroslav/Milos, Could you please check the above and confirm so that we can proceed further with creating this dependency.
package selinux-policy-targeted-3.13.1-23 has all the sebools (nagios_run_pnp4nagios, nagios_run_sudo) required for nagios-server-addons. So i will add a dependency on the same. Clearing the need info on mgrepl
From information available at BZ 1241551 I suspect that the selinux-policy build version number used when adding dependency at the new nagios-server-addons-0.2.1-6.el7rhgs.x86_64 build was wrong The selinux-policy build at https://brewweb.devel.redhat.com/buildinfo?buildID=441837 is selinux-policy-3.13.1-23.el7_1.8 I also see a new build available at https://brewweb.devel.redhat.com/buildinfo?buildID=445977 which is selinux-policy-3.13.1-23.el7_1.9 . The change log suggests that more fixes related to RHGS are in this build.
The selinux-policy build at https://brewweb.devel.redhat.com/buildinfo?buildID=441837 is enough for nagios-server-addons. It has the sebooleans required for nagios server. I was slightly confused with the version which is available in the build and available in change log. 'selinux-policy-3.13.1-23.el7_1.8' is the right version which needs to be put in. Can we re-open this bug should and close the bz#1241551 as duplicate of this.
as per comment 4, dependency added was not available. We need a rebuild with dependency which is available in RHEL7.1. Moving the bug back to Assigned.
Add selinux-policy-targeted-3.13.1-23.el7_1.9 as dependency
*** Bug 1241551 has been marked as a duplicate of this bug. ***
An imp note : selinux-policy-3.13.1-23.el7_1.9 is still not part of RHEL-7.1-z (not available in the below hierarchy) and is only proposed for RHEL-7.1-z. Till its moved to rhel-7.1-z, the puddle and ISO will fail with repo-closure errors. Any idea when this bug will get moved to rhel-7.1-z. rhel-7-latest-released (6325) └─rhel-7.1-z (7435) └─rhel-7.1 (6219) └─rhel-7.1-fastrack (6435) └─rhel-7.0-z (6087) └─rhel-7.0 (3662) └─rhel-7.0-internalsnapshot-1-set (5282)
Verified and works fine with build nagios-server-addons-0.2.1-7.el7rhgs.x86_64. nagios-server-addons has requires on selinux-policy Package: nagios-server-addons-0.2.1-7.el7rhgs.x86_64 (Server-RH-Gluster-3-Nagios-Server) Requires: selinux-policy-targeted >= 3.13.1-23.el7_1.9 Following booleans are set to on when doing a fresh installation of nagios-server-addons on RHEL7. nagios_run_pnp4nagios --> on nagios_run_sudo --> on logging_syslogd_run_nagios_plugins --> off
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2015-1494.html