Bug 1240242 - [SELinux] nagios-server-addons should have a dependency on selinux packages (RHEL-6.7)
Summary: [SELinux] nagios-server-addons should have a dependency on selinux packages (...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat Storage
Component: nagios-server-addons
Version: rhgs-3.1
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: RHGS 3.1.0
Assignee: Ramesh N
QA Contact: RamaKasturi
URL:
Whiteboard:
Depends On:
Blocks: 1202842 1212796
TreeView+ depends on / blocked
 
Reported: 2015-07-06 10:25 UTC by Prasanth
Modified: 2015-12-08 12:33 UTC (History)
10 users (show)

Fixed In Version: nagios-server-addons-0.2.1-4.el6rhs
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-07-29 05:34:58 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2015:1494 0 normal SHIPPED_LIVE Red Hat Gluster Storage Console 3.1 Enhancement and bug fixes 2015-07-29 09:24:02 UTC

Description Prasanth 2015-07-06 10:25:50 UTC 
Description of problem:

nagios-server-addons should have a dependency on selinux packages in RHEL-6.7

Version-Release number of selected component (if applicable):
nagios-server-addons-0.2.1-3.el6rhs


The packages that Milos mentions [1] as possible candidates for
dependent packages list are

 + policycoreutils package because it brings the setsebool command
 + libselinux-utils package because it brings the getsebool command
 + selinux-policy-targeted or selinux-policy-base (virtual package)
because it brings the policy where booleans are defined and stored

If the semanage command is to be used, I would add to the list

 + policycoreutils-python package because it brings the semanage command

It is also interesting to note that the policycoreutils-python package
depends on the policycoreutils package, which further depends on the
libselinux-utils package

And the selinux-policy-targeted package dependency must have a minimal
version restriction for that version which has all the SELinux policy
rules for RHGS 3.1.

See the following BZ's for more details regarding this decision:

https://bugzilla.redhat.com/show_bug.cgi?id=1238055
https://bugzilla.redhat.com/show_bug.cgi?id=1237065



The following SELinux el6 build which has almost all the gluster-SELinux fixes in RHEL-6.7 is what I see as a possible candidate for setting this dependency: 

#####
https://brewweb.devel.redhat.com/buildinfo?buildID=443534
#####

Miroslav/Milos, please confirm if this is the case.
Comment 2 RamaKasturi 2015-07-13 12:22:03 UTC 
Verified and works fine with build nagios-server-addons-0.2.1-4.el6rhs.noarch

Package: nagios-server-addons-0.2.1-4.el6rhs.noarch has (RH-Gluster-3-Nagios-Server) Requires: selinux-policy-targeted >= 3.7.19-279

Following booleans were set when nagios-server-addons is installed on a RHEL6.7 machine.

getsebool -a | grep nagios
logging_syslogd_run_nagios_plugins --> off
nagios_run_sudo --> on

Marking this verified.
Comment 3 errata-xmlrpc 2015-07-29 05:34:58 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2015-1494.html
Note You need to log in before you can comment on or make changes to this bug.