Project

General

Profile

Activity

From 04/22/2014 to 05/21/2014

05/20/2014

03:22 PM Bug #5827: katello-installer generates AVC: denied { name_connect } for scontext=passenger_t:s0 tcontext=:websm_port_t:s0 tclass=tcp_socket
The issue looks to be that katello-installer has moved the smart proxy port from 8443 to 9090, so the default policy ... Dominic Cleal
03:20 PM Bug #5827 (Closed): katello-installer generates AVC: denied { name_connect } for scontext=passenger_t:s0 tcontext=:websm_port_t:s0 tclass=tcp_socket
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1078265
Description of problem:
katello-installer generat... Dominic Cleal
08:29 AM Bug #5808 (Closed): AVC denied { read } for comm="ruby" name="migrate" dev=dm-0 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=lnk_file
With fresh install of Foreman develop on RHEL 6.5 using
https://github.com/sstephenson/bats.git
https://github.... Jan Pazdziora

04/30/2014

04:47 PM Bug #5487 (Closed): cant run with SELinix in enforcing after upgrade to 1.5RC2
Applied in changeset commit:b5f521e7b6514204772e627a63a1102ceb1546ec. Anonymous
04:33 PM Bug #5487: cant run with SELinix in enforcing after upgrade to 1.5RC2
Thanks for confirming! Dominic Cleal
04:28 PM Bug #5487: cant run with SELinix in enforcing after upgrade to 1.5RC2
thanks a lot, that works perfectly, Im now back in Enforcing mode :D Ade Bradshaw
02:50 PM Bug #5487 (Ready For Testing): cant run with SELinix in enforcing after upgrade to 1.5RC2
All right, found the bug. My bad. The patch is here:
https://github.com/theforeman/foreman-selinux/pull/16
Temp... Lukas Zapletal
01:30 PM Bug #5487: cant run with SELinix in enforcing after upgrade to 1.5RC2
Lukas Zapletal wrote:
> Confirmed, strange, foreman-selinux should relabel during installation automatically. Can yo... Joop van de Wege
12:39 PM Bug #5487: cant run with SELinix in enforcing after upgrade to 1.5RC2
My server runs in Enforcing, in fact puppet makes sure it is always in enforcing :-D
OK, ran the relabel and resta... Ade Bradshaw
09:15 AM Bug #5487: cant run with SELinix in enforcing after upgrade to 1.5RC2
Confirmed, strange, foreman-selinux should relabel during installation automatically. Can you do:
# foreman-se... Lukas Zapletal
04:32 PM Revision b5f521e7: fixes #5487 - fixed paths in selinux-relabel script
Lukas Zapletal

04/29/2014

04:15 PM Bug #5487: cant run with SELinix in enforcing after upgrade to 1.5RC2
Hi Lukas
rubygem-passenger-4.0.18-9.4.el6.x86_64
rubygem-passenger-native-4.0.18-9.4.el6.x86_64
mod_passenger-... Ade Bradshaw
02:58 PM Bug #5487: cant run with SELinix in enforcing after upgrade to 1.5RC2
Ok this explains everything. Both puppet master and foreman are running in wrong domain httpd_t instead of passenger_... Lukas Zapletal
02:42 PM Bug #5487: cant run with SELinix in enforcing after upgrade to 1.5RC2
Hi Lukas
Here you go, let me know if you need any thing else
http://paste.fedoraproject.org/97812/98782278/ Ade Bradshaw
02:22 PM Bug #5487: cant run with SELinix in enforcing after upgrade to 1.5RC2
Hey thanks for the report, I am unable to confirm with nightly. Can you please give me:
ps auxZwww Lukas Zapletal
01:37 PM Bug #5487 (Assigned): cant run with SELinix in enforcing after upgrade to 1.5RC2
Dominic Cleal
01:35 PM Bug #5487 (Closed): cant run with SELinix in enforcing after upgrade to 1.5RC2
After upgrading so RC2, I get errors in the WebUI
Oops, we're sorry but something went wrong

Warning!... Ade Bradshaw

04/28/2014

01:47 PM Bug #5466 (Closed): Latest passenger update broke SELinux file contexts
Applied in changeset commit:0e094fe2163182ffed76fe515ec1f737b7c1811b. Anonymous
09:29 AM Bug #5466: Latest passenger update broke SELinux file contexts
easy one https://github.com/theforeman/foreman-selinux/pull/15 Lukas Zapletal
09:24 AM Bug #5466 (Closed): Latest passenger update broke SELinux file contexts
The path has changed.... Lukas Zapletal
01:47 PM Feature #4278 (Closed): Policy for foreman_discovery
Applied in changeset commit:3fd96efc80c63145bd863b0a637c6fe7348017e4. Anonymous
01:47 PM Feature #4280 (Closed): Policy for foreman_setup
Applied in changeset commit:c61a3525f5fc3e0df73df2beafafdd88958cf959. Anonymous
01:47 PM Feature #4279 (Closed): Policy for foreman_hooks
Applied in changeset commit:cb326b330ff91882b9745b7366a708f6e2096c84. Anonymous
01:47 PM Feature #4277 (Closed): Policy for foreman_bootdisk
Applied in changeset commit:24f372cb16c39dca4ac50a8c778bb735fcd7b5ec. Anonymous
01:47 PM Feature #4569 (Closed): Policy for websockify
Applied in changeset commit:4b2eac9095132f97a7d3005bad8d61488fdf7978. Anonymous
12:53 PM Revision 0e094fe2: fixes #5466 - added new passenger file context path
Lukas Zapletal
12:53 PM Revision a8585d53: Reformatting puppetmaster rules
Lukas Zapletal
12:53 PM Revision 3fd96efc: fixes #4278 - policy for foreman_discovery
Lukas Zapletal
12:53 PM Revision c61a3525: fixes #4280 - policy for foreman_setup
Lukas Zapletal
12:53 PM Revision cb326b33: fixes #4279 - policy for foreman_hooks
Lukas Zapletal
12:52 PM Revision 24f372cb: fixes #4277 - policy for foreman_bookdisk
Lukas Zapletal
12:52 PM Revision 4b2eac90: Fixes #4569 - websockify rules
Lukas Zapletal
08:09 AM Bug #5446 (Rejected): Denial from cron - postfix
Of course, need more sleep these days. Lukas Zapletal

04/25/2014

01:15 PM Bug #5446 (New): Denial from cron - postfix
This should be filed against the base OS in my opinion, it looks like Postfix is searching /var/lib and hitting /var/... Dominic Cleal
12:40 PM Bug #5446: Denial from cron - postfix
https://github.com/theforeman/foreman-selinux/pull/15
Added to existing PR. Lukas Zapletal
12:38 PM Bug #5446 (Rejected): Denial from cron - postfix
AVC:... Lukas Zapletal
12:37 PM Bug #3895: AVC denials from Foreman 1.3 installation
Ah too late. Lukas Zapletal
12:37 PM Bug #3895: AVC denials from Foreman 1.3 installation
FYI we have fixed the "ps" thing recently, not sure about the rest. Lukas Zapletal
11:40 AM Bug #3895 (Resolved): AVC denials from Foreman 1.3 installation
I believe these have been resolved by various updates to the policy between 1.3 and 1.5. The node.rb is now labelled... Dominic Cleal
10:33 AM Feature #4569 (Ready For Testing): Policy for websockify
https://github.com/theforeman/foreman-selinux/pull/15 Lukas Zapletal
10:33 AM Feature #4278 (Ready For Testing): Policy for foreman_discovery
https://github.com/theforeman/foreman-selinux/pull/15 Lukas Zapletal
10:33 AM Feature #4280 (Ready For Testing): Policy for foreman_setup
https://github.com/theforeman/foreman-selinux/pull/15 Lukas Zapletal
10:33 AM Feature #4279 (Ready For Testing): Policy for foreman_hooks
https://github.com/theforeman/foreman-selinux/pull/15 Lukas Zapletal
10:33 AM Feature #4277 (Ready For Testing): Policy for foreman_bootdisk
https://github.com/theforeman/foreman-selinux/pull/15 Lukas Zapletal
10:20 AM Feature #4113: Restrict Foreman not to be able to write to /usr/share/foreman
I will implement this change POST 1.5 release, because this refactoring can bring some issues. Lukas Zapletal

04/24/2014

12:09 PM Feature #4279 (Assigned): Policy for foreman_hooks
Lukas Zapletal
12:09 PM Feature #4113 (Assigned): Restrict Foreman not to be able to write to /usr/share/foreman
Lukas Zapletal
12:09 PM Feature #4280 (Assigned): Policy for foreman_setup
Lukas Zapletal
12:09 PM Feature #4277 (Assigned): Policy for foreman_bootdisk
Lukas Zapletal

04/22/2014

01:51 PM Feature #2820 (Resolved): Improve SELinux policy for puppet
https://admin.fedoraproject.org/updates/puppet-3.4.3-3.fc20 Lukas Zapletal
 

Also available in: Atom