Activity
From 04/28/2014 to 05/27/2014
05/27/2014
- 10:27 AM Feature #5930: Implement policy for Katello plugin
- I agree, if we find this annoying, I will work on splitting all the policies. But I hope for 5 lines for Katello, the...
- 08:53 AM Feature #5930: Implement policy for Katello plugin
- Ok, see what it involves, but my concern is if changes are needed regularly in a core Foreman project to support a pl...
- 08:52 AM Feature #5930: Implement policy for Katello plugin
- Why? Katello is a plugin, like others. There is no big benefit in splitting those.
Also, I don't expect katello po...
- 08:24 AM Feature #5930: Implement policy for Katello plugin
- This should be a layered policy (katello-selinux), not in foreman-selinux.
05/26/2014
- 02:39 PM Feature #5930 (Closed): Implement policy for Katello plugin
- Some rules can be taken from katello-selinux package.
- 01:42 PM Bug #5827 (Ready For Testing): katello-installer generates AVC: denied { name_connect } for scontext=passenger_t:s0 tcontext=:websm_port_t:s0 tclass=tcp_socket
- https://github.com/theforeman/foreman-selinux/pull/18
- 01:38 PM Bug #5827: katello-installer generates AVC: denied { name_connect } for scontext=passenger_t:s0 tcontext=:websm_port_t:s0 tclass=tcp_socket
- That sounds like a decent plan, but unfortunately port 9090 is already taken by websm service (no clue what this is)....
- 11:26 AM Bug #5910 (Ready For Testing): Puppet or puppetmaster sometimes changes file contexts
- Solved with great help of Mirek Grepl, thanks.
https://github.com/theforeman/foreman-selinux/pull/18
- 09:34 AM Bug #5808 (Ready For Testing): AVC denied { read } for comm="ruby" name="migrate" dev=dm-0 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=lnk_file
- Rails reads all files in scripts/ subdirectory and since migrate is symlink and symlinks were not allowed by our rule...
05/23/2014
- 01:14 PM Bug #5910: Puppet or puppetmaster sometimes changes file contexts
- ...
- 01:11 PM Bug #5910 (Closed): Puppet or puppetmaster sometimes changes file contexts
- which is prevented by SELinux. This has something to do with selinux users and RHEL6. Discussion is here:...
- 11:37 AM Bug #5827 (Assigned): katello-installer generates AVC: denied { name_connect } for scontext=passenger_t:s0 tcontext=:websm_port_t:s0 tclass=tcp_socket
- 11:12 AM Feature #5870 (Ready For Testing): Write policy for foreman-tasks
- https://github.com/theforeman/foreman-selinux/pull/18 (not yet merged)
- 08:46 AM Bug #5882 (Rejected): Allow foreman to reach dynflow
- We need tasks policy really, testing that.
05/22/2014
- 04:11 PM Bug #5882: Allow foreman to reach dynflow
- ...
- 04:04 PM Bug #5882 (Ready For Testing): Allow foreman to reach dynflow
- https://github.com/theforeman/foreman-selinux/pull/17
- 03:47 PM Bug #5882 (Rejected): Allow foreman to reach dynflow
- Hotfix for https://bugzilla.redhat.com/show_bug.cgi?id=1098244
- 12:12 PM Refactor #5877: Introduce foreman_t domain
- Also there is one block "passenger_run_puppetmaster" which we can refactor/get rid of only after we migrate foreman i...
- 12:06 PM Refactor #5877 (Closed): Introduce foreman_t domain
- Since Passenger 4.0 which allows us to change context of running apps is now both upstream and downstream, we should ...
- 11:00 AM Feature #5870 (Closed): Write policy for foreman-tasks
- Blocker for Staypuft. Working on it from the very morning.
https://bugzilla.redhat.com/show_bug.cgi?id=1098244
05/20/2014
- 03:22 PM Bug #5827: katello-installer generates AVC: denied { name_connect } for scontext=passenger_t:s0 tcontext=:websm_port_t:s0 tclass=tcp_socket
- The issue looks to be that katello-installer has moved the smart proxy port from 8443 to 9090, so the default policy ...
- 03:20 PM Bug #5827 (Closed): katello-installer generates AVC: denied { name_connect } for scontext=passenger_t:s0 tcontext=:websm_port_t:s0 tclass=tcp_socket
- Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1078265
Description of problem:
katello-installer generat...
- 08:29 AM Bug #5808 (Closed): AVC denied { read } for comm="ruby" name="migrate" dev=dm-0 scontext=unconfined_u:system_r:passenger_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=lnk_file
- With fresh install of Foreman develop on RHEL 6.5 using
https://github.com/sstephenson/bats.git
https://github....
04/30/2014
- 04:47 PM Bug #5487 (Closed): cant run with SELinix in enforcing after upgrade to 1.5RC2
- Applied in changeset commit:b5f521e7b6514204772e627a63a1102ceb1546ec.
- 04:33 PM Bug #5487: cant run with SELinix in enforcing after upgrade to 1.5RC2
- Thanks for confirming!
- 04:28 PM Bug #5487: cant run with SELinix in enforcing after upgrade to 1.5RC2
- Thanks a lot, that works perfectly, I'm now back in Enforcing mode :D
- 02:50 PM Bug #5487 (Ready For Testing): cant run with SELinix in enforcing after upgrade to 1.5RC2
- All right, found the bug. My bad. The patch is here:
https://github.com/theforeman/foreman-selinux/pull/16
Temp...
- 01:30 PM Bug #5487: cant run with SELinix in enforcing after upgrade to 1.5RC2
- Lukas Zapletal wrote:
> Confirmed, strange, foreman-selinux should relabel during installation automatically. Can yo...
- 12:39 PM Bug #5487: cant run with SELinix in enforcing after upgrade to 1.5RC2
- My server runs in Enforcing, in fact puppet makes sure it is always in enforcing :-D
OK, ran the relabel and resta...
- 09:15 AM Bug #5487: cant run with SELinix in enforcing after upgrade to 1.5RC2
- Confirmed, strange, foreman-selinux should relabel during installation automatically. Can you do:
# foreman-se...
- 04:32 PM Revision b5f521e7: fixes #5487 - fixed paths in selinux-relabel script
04/29/2014
- 04:15 PM Bug #5487: cant run with SELinix in enforcing after upgrade to 1.5RC2
- Hi Lukas
rubygem-passenger-4.0.18-9.4.el6.x86_64
rubygem-passenger-native-4.0.18-9.4.el6.x86_64
mod_passenger-...
- 02:58 PM Bug #5487: cant run with SELinix in enforcing after upgrade to 1.5RC2
- Ok this explains everything. Both puppet master and foreman are running in wrong domain httpd_t instead of passenger_...
- 02:42 PM Bug #5487: cant run with SELinix in enforcing after upgrade to 1.5RC2
- Hi Lukas
Here you go, let me know if you need any thing else
http://paste.fedoraproject.org/97812/98782278/
- 02:22 PM Bug #5487: cant run with SELinix in enforcing after upgrade to 1.5RC2
- Hey thanks for the report, I am unable to confirm with nightly. Can you please give me:
ps auxZwww
- 01:37 PM Bug #5487 (Assigned): cant run with SELinix in enforcing after upgrade to 1.5RC2
- 01:35 PM Bug #5487 (Closed): cant run with SELinix in enforcing after upgrade to 1.5RC2
- After upgrading to RC2, I get errors in the WebUI
Oops, we're sorry but something went wrong
Warning!...
04/28/2014
- 01:47 PM Bug #5466 (Closed): Latest passenger update broke SELinux file contexts
- Applied in changeset commit:0e094fe2163182ffed76fe515ec1f737b7c1811b.
- 09:29 AM Bug #5466: Latest passenger update broke SELinux file contexts
- easy one https://github.com/theforeman/foreman-selinux/pull/15
- 09:24 AM Bug #5466 (Closed): Latest passenger update broke SELinux file contexts
- The path has changed....
- 01:47 PM Feature #4278 (Closed): Policy for foreman_discovery
- Applied in changeset commit:3fd96efc80c63145bd863b0a637c6fe7348017e4.
- 01:47 PM Feature #4280 (Closed): Policy for foreman_setup
- Applied in changeset commit:c61a3525f5fc3e0df73df2beafafdd88958cf959.
- 01:47 PM Feature #4279 (Closed): Policy for foreman_hooks
- Applied in changeset commit:cb326b330ff91882b9745b7366a708f6e2096c84.
- 01:47 PM Feature #4277 (Closed): Policy for foreman_bootdisk
- Applied in changeset commit:24f372cb16c39dca4ac50a8c778bb735fcd7b5ec.
- 01:47 PM Feature #4569 (Closed): Policy for websockify
- Applied in changeset commit:4b2eac9095132f97a7d3005bad8d61488fdf7978.
- 12:53 PM Revision 0e094fe2: fixes #5466 - added new passenger file context path
- 12:53 PM Revision a8585d53: Reformatting puppetmaster rules
- 12:53 PM Revision 3fd96efc: fixes #4278 - policy for foreman_discovery
- 12:53 PM Revision c61a3525: fixes #4280 - policy for foreman_setup
- 12:53 PM Revision cb326b33: fixes #4279 - policy for foreman_hooks
- 12:52 PM Revision 24f372cb: fixes #4277 - policy for foreman_bookdisk
- 12:52 PM Revision 4b2eac90: Fixes #4569 - websockify rules
- 08:09 AM Bug #5446 (Rejected): Denial from cron - postfix
- Of course, need more sleep these days.