Activity
From 02/05/2014 to 03/06/2014
03/06/2014
- 11:17 AM Feature #4569 (Closed): Policy for websockify
- We need a policy for websockify.
03/03/2014
- 01:02 PM Feature #4278 (Assigned): Policy for foreman_discovery
- Yami yami :-)
02/26/2014
- 02:58 PM Feature #4464: Implement SELinux policy for smart-proxy
- Agreed... the trouble is also that the proxy codebase is messy and it has a lot of ugly implementations. I think the...
- 02:51 PM Feature #4464 (Closed): Implement SELinux policy for smart-proxy
- Now the question is how deep we want to go. Smart proxy can be configured to spawn virsh via sudo and other stuff. I ...
- 01:47 PM Bug #3465 (Closed): AVC denials with Foreman 1.3 on RHEL 6
- Applied in changeset commit:2f43f94780297adc18eb9b4b3eecf5c2f5aa6de6.
- 11:13 AM Bug #3465 (Ready For Testing): AVC denials with Foreman 1.3 on RHEL 6
- https://github.com/theforeman/foreman-selinux/pull/14
- 01:36 PM Revision 2f43f947: fixes #3465 - passanger spawns /bin/ps
- 08:51 AM Bug #4458: AVC denials aboutname="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
- Ok I guess we need to add the following rules:...
- 08:46 AM Bug #4458 (Duplicate): AVC denials aboutname="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
- Looks the same as #3465.
- 08:41 AM Bug #4458: AVC denials aboutname="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
- Thanks. It looks like we need to open access to sysfs domain, but I can't find WHY it tries to read this file.
It ... - 08:37 AM Bug #4458 (Duplicate): AVC denials aboutname="online" dev=sysfs ino=23 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
- Installing Foreman nightly from
baseurl=http://yum.theforeman.org/nightly/el6/$basearch
on RHEL 6.5 causes AV...
02/06/2014
- 12:26 PM Feature #4280 (Closed): Policy for foreman_setup
- foreman_setup should be tested under SELinux and policy updated.
(I can't actually think of anything that might br... - 12:26 PM Feature #4279 (Closed): Policy for foreman_hooks
- foreman_hooks should be tested under SELinux and policy updated.
- 12:26 PM Feature #4278 (Closed): Policy for foreman_discovery
- foreman_discovery should be tested under SELinux and policy updated.
- 12:25 PM Feature #4277 (Closed): Policy for foreman_bootdisk
- foreman_bootdisk should be tested under SELinux and policy updated.
Also available in: Atom