Activity

From 07/28/2014 to 08/26/2014

08/26/2014

04:09 AM Feature #4464 (Ready For Testing): Implement SELinux policy for smart-proxy
The Foreman Bot
03:45 AM Bug #7193 (Pending): Katello does not install due to qpidd policy bug
Dominic Cleal
03:44 AM Bug #7250 (Duplicate): Remove sysvinit executable rule in Katello
Dominic Cleal

08/25/2014

01:14 PM Tracker #7249: Policy with workarounds for Foreman w/ Katello
This issue #7178
allow passenger_t self:process execmem;
has been merged upstream but I am going to revert ...
Lukas Zapletal
12:28 PM Tracker #7249: Policy with workarounds for Foreman w/ Katello
This rule is required for RHEL 7.0 (without SELinux upcoming errata):
auth_read_passwd(qpidd_t)
https://git...
Lukas Zapletal
11:41 AM Tracker #7249: Policy with workarounds for Foreman w/ Katello
This rule is needed for foreman-tasks (#7198):
allow passenger_t httpd_t:unix_stream_socket {read write};
...
Lukas Zapletal
11:39 AM Tracker #7249 (Closed): Policy with workarounds for Foreman w/ Katello
There are several workarounds that need to be solved to get Foreman with Katello working on RHEL6 and RHEL7. I want ... Lukas Zapletal
11:51 AM Bug #7250 (Duplicate): Remove sysvinit executable rule in Katello
Since ping controller no longer executes @/etc/init.d/delayed-jobs@ the rule that allows this can be removed.
https...
Lukas Zapletal

08/21/2014

10:39 AM Bug #7198: Socket read and write on RHEL7
Correcting the AVC:... Lukas Zapletal
10:26 AM Bug #7198 (Ready For Testing): Socket read and write on RHEL7
Dominic Cleal
09:38 AM Bug #7198 (Closed): Socket read and write on RHEL7
... Lukas Zapletal
10:26 AM Bug #7193 (Ready For Testing): Katello does not install due to qpidd policy bug
Dominic Cleal
06:16 AM Bug #7193 (Assigned): Katello does not install due to qpidd policy bug
Lukas Zapletal
06:10 AM Bug #7193 (Rejected): Katello does not install due to qpidd policy bug
This is temporary workaround until https://bugzilla.redhat.com/show_bug.cgi?id=1130086 is resolved. Lukas Zapletal
06:21 AM Bug #7178: Allow passenger_t to EXECMEM
Investigating if daemons gem (used by foreman-tasks) does not cause that. Lukas Zapletal

08/20/2014

05:01 PM Bug #7178 (Closed): Allow passenger_t to EXECMEM
Applied in changeset commit:d867377e56451fc43030a30958499d34e6f4e485. Anonymous
04:36 PM Bug #7178: Allow passenger_t to EXECMEM
Scratch that for RHEL7, after investigation from this evening with Jason and Og, it turns out it is not passenger but... Lukas Zapletal
11:17 AM Bug #7178 (Closed): Allow passenger_t to EXECMEM
It was confirmed by our QA department that our application does work fine in Enforcing. Lukas Zapletal
04:47 PM Revision d5e80cf1: Merge pull request #28 from lzap/execmem-7178
Fixes #7178 - allowed passenger_t to execmem Lukas Zapletal
04:45 PM Revision d867377e: Fixes #7178 - allowed passenger_t to execmem
Foreman-tasks won't start on RHEL7 Lukas Zapletal

08/15/2014

10:48 AM Feature #4464 (Assigned): Implement SELinux policy for smart-proxy
Dominic Cleal
10:16 AM Feature #4464 (Ready For Testing): Implement SELinux policy for smart-proxy
The Foreman Bot

08/12/2014

01:58 PM Bug #7034: Fix relabel script on RHEL7
In that case add it to release notes. This is big! ;-) Lukas Zapletal
11:01 AM Bug #7034 (Closed): Fix relabel script on RHEL7
Applied in changeset commit:7b9410507203c9c5f58283bc39f5da8ee8a92608. Anonymous
05:23 AM Bug #7034 (Ready For Testing): Fix relabel script on RHEL7
https://github.com/theforeman/foreman-selinux/pull/26 Lukas Zapletal
04:34 AM Bug #7034 (Closed): Fix relabel script on RHEL7
A downstream bug was reported with some denials which have been fixed already upstream, but it looks like /var/run/for... Lukas Zapletal
11:01 AM Bug #7036 (Closed): Allow creation of log files for Foreman Rails app
Applied in changeset commit:e842477295ed731377f3f43c5b8f84634b6f47a2. Anonymous
05:23 AM Bug #7036 (Ready For Testing): Allow creation of log files for Foreman Rails app
https://github.com/theforeman/foreman-selinux/pull/26 Lukas Zapletal
05:15 AM Bug #7036 (Closed): Allow creation of log files for Foreman Rails app
It looks like our Rails app also creates new log files there. We only allow reads and writes.... Lukas Zapletal
11:01 AM Bug #6979 (Closed): Policy does not load on EL7 due to consoletype_exec_t dependency
Applied in changeset commit:7a59c90304ef32a67457a8071bbda07d161b6236. Anonymous
11:01 AM Bug #6014 (Closed): AVC denials from Puppet under Passenger on Foreman 1.6 on EL7
Applied in changeset commit:7a59c90304ef32a67457a8071bbda07d161b6236. Anonymous
11:01 AM Bug #6013 (Closed): AVC denials from Passenger on Foreman 1.6 on EL7
Applied in changeset commit:7a59c90304ef32a67457a8071bbda07d161b6236. Anonymous
10:11 AM Revision e8424772: Fixes #7036 - allow log files creation for Rails app
Lukas Zapletal
10:11 AM Revision 7b941050: Fixes #7034 - added RHEL7 support to relabel script
Lukas Zapletal
10:11 AM Revision 7a59c903: Fixes #6013, #6014, #6979 - changes for RHEL7
Lukas Zapletal

08/11/2014

12:56 PM Feature #4464 (Assigned): Implement SELinux policy for smart-proxy
Yup, it's official. I started work on the foreman-proxy policy. Lukas Zapletal
05:21 AM Revision 7d5f1efe: Bump version to 1.7-develop
Dominic Cleal

08/07/2014

09:55 AM Bug #6014 (Ready For Testing): AVC denials from Puppet under Passenger on Foreman 1.6 on EL7
These can be safely added, for some reason Puppet reads the ENC script. Different puppet in RHEL7 I guess. Allowed.
...
Lukas Zapletal
09:52 AM Bug #6013 (Ready For Testing): AVC denials from Passenger on Foreman 1.6 on EL7
For the fs_getattr_xattr_fs, I was able to track it down a bit. Passenger creates few directories under /tmp during s... Lukas Zapletal
09:25 AM Bug #6979 (Ready For Testing): Policy does not load on EL7 due to consoletype_exec_t dependency
I've confirmed with Mirek that this macro was removed from RHEL7. Optional block should do it.
https://github.com/...
Lukas Zapletal
07:04 AM Bug #6979: Policy does not load on EL7 due to consoletype_exec_t dependency
Part 1: https://github.com/theforeman/foreman-packaging/pull/305 Lukas Zapletal
07:01 AM Bug #6979 (Closed): Policy does not load on EL7 due to consoletype_exec_t dependency
On my RHEL7 system, policy does not load at all. The reason is hidden, because the scriptlet silently continues. We sh... Lukas Zapletal
07:29 AM Bug #6316: Break up foreman, puppetmaster and passenger domains
Reminder: The packaging part is here: https://github.com/theforeman/foreman-packaging/pull/275 Lukas Zapletal
07:29 AM Bug #6316: Break up foreman, puppetmaster and passenger domains
Moving this off the sprint, I want to work on that later. Lukas Zapletal

08/06/2014

12:01 PM Feature #6961 (Closed): Permit websockify access to Puppet SSL certs for consoles
Applied in changeset commit:cb7389ccb0ec3a1cf8c03da1e6192c11908e23e6. Anonymous
10:27 AM Feature #6961 (Closed): Permit websockify access to Puppet SSL certs for consoles
So consoles using websockify can be SSL-enabled and served over HTTPS, the websockify domain needs access to Puppet S... Dominic Cleal
11:19 AM Revision cb7389cc: fixes #6961 - Allow websockify to read puppet cert
Lukas Zapletal
10:01 AM Bug #6780 (Closed): Unable to remove foreman-selinux
Applied in changeset commit:ae6f1a694d6a13c32d9bdfecbbb95cd2d0bb20bd. Anonymous
09:50 AM Revision ae6f1a69: Fixes #6780 - Remove elasticsearch port on uninstall
Lukas Zapletal

07/30/2014

09:13 AM Feature #4113 (New): Restrict Foreman not to be able to write to /usr/share/foreman
Lukas Zapletal