Project

General

Profile

Activity

From 07/17/2014 to 08/15/2014

08/15/2014

10:48 AM Feature #4464 (Assigned): Implement SELinux policy for smart-proxy
Dominic Cleal
10:16 AM Feature #4464 (Ready For Testing): Implement SELinux policy for smart-proxy
The Foreman Bot

08/12/2014

01:58 PM Bug #7034: Fix relabel script on RHEL7
In that case add it to release notes. This is big! ;-) Lukas Zapletal
11:01 AM Bug #7034 (Closed): Fix relabel script on RHEL7
Applied in changeset commit:7b9410507203c9c5f58283bc39f5da8ee8a92608. Anonymous
05:23 AM Bug #7034 (Ready For Testing): Fix relabel script on RHEL7
https://github.com/theforeman/foreman-selinux/pull/26 Lukas Zapletal
04:34 AM Bug #7034 (Closed): Fix relabel script on RHEL7
A downstream bug was reported with some denials which has been fixed already upstream, but it looks like /var/run/for... Lukas Zapletal
11:01 AM Bug #7036 (Closed): Allow creation of log files for Foreman Rails app
Applied in changeset commit:e842477295ed731377f3f43c5b8f84634b6f47a2. Anonymous
05:23 AM Bug #7036 (Ready For Testing): Allow creation of log files for Foreman Rails app
https://github.com/theforeman/foreman-selinux/pull/26 Lukas Zapletal
05:15 AM Bug #7036 (Closed): Allow creation of log files for Foreman Rails app
It looks like our Rails app also creates new log files there. We only allow reads and writes.... Lukas Zapletal
11:01 AM Bug #6979 (Closed): Policy does not load on EL7 due to consoletype_exec_t dependency
Applied in changeset commit:7a59c90304ef32a67457a8071bbda07d161b6236. Anonymous
11:01 AM Bug #6014 (Closed): AVC denials from Puppet under Passenger on Foreman 1.6 on EL7
Applied in changeset commit:7a59c90304ef32a67457a8071bbda07d161b6236. Anonymous
11:01 AM Bug #6013 (Closed): AVC denials from Passenger on Foreman 1.6 on EL7
Applied in changeset commit:7a59c90304ef32a67457a8071bbda07d161b6236. Anonymous
10:11 AM Revision e8424772: Fixes #7036 - allow log files creation for Rails app
Lukas Zapletal
10:11 AM Revision 7b941050: Fixes #7034 - added RHEL7 support to relabel script
Lukas Zapletal
10:11 AM Revision 7a59c903: Fixes #6013, #6014, #6979 - changes for RHEL7
Lukas Zapletal

08/11/2014

12:56 PM Feature #4464 (Assigned): Implement SELinux policy for smart-proxy
Yup, it's official. I started works on the foreman-proxy policy. Lukas Zapletal
05:21 AM Revision 7d5f1efe: Bump version to 1.7-develop
Dominic Cleal

08/07/2014

09:55 AM Bug #6014 (Ready For Testing): AVC denials from Puppet under Passenger on Foreman 1.6 on EL7
These can be safely added, for some reason Puppet reads the ENC script. Different puppet in RHEL7 I guess. Allowed.
... Lukas Zapletal
09:52 AM Bug #6013 (Ready For Testing): AVC denials from Passenger on Foreman 1.6 on EL7
For the fs_getattr_xattr_fs, I was able to track it down a bit. Passenger creates few directories under /tmp during s... Lukas Zapletal
09:25 AM Bug #6979 (Ready For Testing): Policy does not load on EL7 due to consoletype_exec_t dependency
I've confirmed with Mirek that this macro was removed from RHEL7. Optional block should do it.
https://github.com/... Lukas Zapletal
07:04 AM Bug #6979: Policy does not load on EL7 due to consoletype_exec_t dependency
Part 1: https://github.com/theforeman/foreman-packaging/pull/305 Lukas Zapletal
07:01 AM Bug #6979 (Closed): Policy does not load on EL7 due to consoletype_exec_t dependency
On my RHEL7 system, policy does not load at all. The reason is hidden, because the scriplet silently continues. We sh... Lukas Zapletal
07:29 AM Bug #6316: Break up foreman, puppetmaster and passenger domains
Reminder: The packaging part is here: https://github.com/theforeman/foreman-packaging/pull/275 Lukas Zapletal
07:29 AM Bug #6316: Break up foreman, puppetmaster and passenger domains
Moving this off the sprint, I want to work on that later. Lukas Zapletal

08/06/2014

12:01 PM Feature #6961 (Closed): Permit websockify access to Puppet SSL certs for consoles
Applied in changeset commit:cb7389ccb0ec3a1cf8c03da1e6192c11908e23e6. Anonymous
10:27 AM Feature #6961 (Closed): Permit websockify access to Puppet SSL certs for consoles
So consoles using websockify can be SSL-enabled and served over HTTPS, the websockify domain needs access to Puppet S... Dominic Cleal
11:19 AM Revision cb7389cc: fixes #6961 - Allow websockify to read puppet cert
Lukas Zapletal
10:01 AM Bug #6780 (Closed): Unable to remove foreman-selinux
Applied in changeset commit:ae6f1a694d6a13c32d9bdfecbbb95cd2d0bb20bd. Anonymous
09:50 AM Revision ae6f1a69: Fixes #6780 - Remove elasticsearch port on uninstall
Lukas Zapletal

07/30/2014

09:13 AM Feature #4113 (New): Restrict Foreman not to be able to write to /usr/share/foreman
Lukas Zapletal

07/25/2014

10:05 AM Bug #6780 (Ready For Testing): Unable to remove foreman-selinux
To fix this bug, apply both patches:
https://github.com/theforeman/foreman-selinux/pull/24
https://github.com/the... Lukas Zapletal
09:02 AM Bug #6780 (Assigned): Unable to remove foreman-selinux
Lukas Zapletal
02:23 AM Bug #6780 (Closed): Unable to remove foreman-selinux
We forgot to remove all ports before uninstall.... Lukas Zapletal
 

Also available in: Atom