Description of problem:
The release of RHEL 7.3 includes changes to the bcfg2-server SELinux policy that completely break the application.

Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-102.el7_3.7.noarch

How reproducible:
Always.

Steps to Reproduce:
1. Attempt to start bcfg2-server in enforcing mode.
2. Run bcfg2-server in permissive mode to observe many AVCs.

Actual results:
SELinux prevents the startup and a number of normal operations of the bcfg2-server.

Expected results:
As in earlier releases, the software should function normally.

Additional info:
Created attachment 1235760: AVCs generated by startup and pull of single client
This bugzilla was triaged as "WONTFIX" by the SELinux team, due to a third-party software component which can be fixed by the component maintainer. To take advantage of the Mandatory Access Control mechanism provided by SELinux, you (the component maintainer) can ship a custom SELinux policy as a subpackage of the affected component. As a starting point you can use the policy provided by the selinux-policy package. For more details about the custom product policy, please follow the https://fedoraproject.org/wiki/SELinux/IndependentPolicy guideline.
bcfg2 is no longer in epel7. Closing bug.