Bug 805127 - CFSE installation is missing Candlepin SELinux policy
Summary: CFSE installation is missing Candlepin SELinux policy
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Subscription Management
Version: 6.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
low vote
Target Milestone: Unspecified
Assignee: Miroslav Suchý
QA Contact: Og Maciel
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-03-20 15:17 UTC by Lukas Zapletal
Modified: 2019-09-26 15:54 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-07-02 14:08:43 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Lukas Zapletal 2012-03-20 15:17:45 UTC 
Description of problem:

After I installed CFSE BETA5, I dont see any selinux candlepin package and there is no selinux module. Tomcat (Candlepin) is running in unconfined mode:

unconfined_u:system_r:unconfined_java_t:s0 tomcat 4238 1.3 18.7 2716184 262644 ? Sl 15:50   0:20 /usr/lib/jvm/jre/bin/java

# rpm -qa | grep selinux
selinux-policy-3.7.19-126.el6.noarch
pulp-selinux-server-1.0.0-4.el6.noarch
libselinux-python-2.0.94-5.2.el6.x86_64
libselinux-utils-2.0.94-5.2.el6.x86_64
selinux-policy-targeted-3.7.19-126.el6.noarch
libselinux-ruby-2.0.94-5.2.el6.x86_64
katello-selinux-0.1.8-1.el6.noarch
libselinux-2.0.94-5.2.el6.x86_64

# semodule -l | grep candlepin
(nothing)

Expected results:

candlepin-selinux package installed and selinux module enabled
Comment 1 Lukas Zapletal 2012-03-20 15:23:56 UTC 
Workaround:

yum -y install candlepin-selinux

Part of this bug/task:

- make sure katello-all installs this package
- do some testing of katello and candlepin running in confined mode
- no denails should be there prior commiting the change
Comment 6 Lukas Zapletal 2012-05-21 14:52:06 UTC 
Ok setting low prio, Candlepin is a java app, runs unconfined.
Comment 7 Lukas Zapletal 2012-08-22 07:45:33 UTC 
https://github.com/Katello/katello/pull/498
Comment 8 Miroslav Suchý 2012-08-22 08:02:51 UTC 
Fixed in commit 7ac95d4.
Comment 9 Og Maciel 2013-02-01 20:33:57 UTC 
* CFSE 1.1.1 ships candlepin-selinux-0.7.8.1-1.el6cf.noarch
* CFSE 1.1.2 will ship candlepin-selinux-0.7.19-3.el6cf.noarch
* SAM does not seem to ship it. Will file a BZ.
Comment 10 Bryan Kearney 2014-07-02 14:08:43 UTC 
This was delivered with 6.0.3, which is the Satellite 6 Beta.
Note You need to log in before you can comment on or make changes to this bug.