Bug 970265 - SELinux policies should support all Foreman related machine types
SELinux policies should support all Foreman related machine types
Status: CLOSED DUPLICATE of bug 980982
Product: Red Hat OpenStack
Classification: Red Hat
Component: foreman-selinux (Show other bugs)
Unspecified Unspecified
unspecified Severity high
: Upstream M3
: 4.0
Assigned To: Charles Crouch
Ami Jeain
Depends On:
  Show dependency treegraph
Reported: 2013-06-03 16:22 EDT by Charles Crouch
Modified: 2016-04-26 10:54 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-07-17 15:34:01 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Charles Crouch 2013-06-03 16:22:02 EDT
Foreman shipping in RHOS3.0 will enable you to provision OpenStack services onto a set of machines chosen by the customer. There are two types of machines in this scenario:

1) The machine the foreman server is installed on. This machine needs to be provisioned by the customer themselves.
2) The machine upon which the OpenStack services will be installed. This machine can either be provisioned via Foreman or provisioned by the customer themselves and just registered with Foreman.

The policies which come with OpenStack should enable SELinux to be enabled on both types of machines described above and have Foreman and its required components continue to function correctly.
Comment 5 Lukas Zapletal 2013-06-04 03:14:25 EDT
Hey, I think the most important thing is to give information to testers (and beta customers) not to turn SELinux off, but put it into permissive mode. Then it can be still easily turned on once we release working policy.
Comment 7 Miroslav Grepl 2013-06-04 07:05:32 EDT
Yes. Also if you see a SELinux issue, please just add it to the bug.

there is a policy for Foreman, right?
Comment 9 Charles Crouch 2013-06-09 22:16:13 EDT
Pushing this to 3.0 async. As mentioned in Comment8, Foreman host will be run in permissive mode for GA, but machines hosting OpenStack services can run with SELinux enabled.
Comment 10 Dominic Cleal 2013-06-10 03:00:47 EDT
An SELinux policy has been released upstream as part of 1.2.0-RC2 (thanks to mgrepl and lzap), so will get some testing as part of this release.

Upstream repo: https://github.com/theforeman/foreman-selinux/ (1.2-stable branch)
Comment 13 Charles Crouch 2013-07-17 15:34:01 EDT
Closing as per Lon's comment

*** This bug has been marked as a duplicate of bug 980982 ***

Note You need to log in before you can comment on or make changes to this bug.