Foreman shipping in RHOS3.0 will enable you to provision OpenStack services onto a set of machines chosen by the customer. There are two types of machines in this scenario: 1) The machine the foreman server is installed on. This machine needs to be provisioned by the customer themselves. 2) The machine upon which the OpenStack services will be installed. This machine can either be provisioned via Foreman or provisioned by the customer themselves and just registered with Foreman. The policies which come with OpenStack should enable SELinux to be enabled on both types of machines described above and have Foreman and its required components continue to function correctly.
Hey, I think the most important thing is to give information to testers (and beta customers) not to turn SELinux off, but put it into permissive mode. Then it can be still easily turned on once we release working policy.
Yes. Also if you see a SELinux issue, please just add it to the bug. Lukas, there is a policy for Foreman, right?
Pushing this to 3.0 async. As mentioned in Comment8, Foreman host will be run in permissive mode for GA, but machines hosting OpenStack services can run with SELinux enabled.
An SELinux policy has been released upstream as part of 1.2.0-RC2 (thanks to mgrepl and lzap), so will get some testing as part of this release. Upstream repo: https://github.com/theforeman/foreman-selinux/ (1.2-stable branch)
Closing as per Lon's comment *** This bug has been marked as a duplicate of bug 980982 ***