Project

General

Profile

Activity

From 08/12/2014 to 09/10/2014

09/09/2014

12:13 PM Bug #7388 (Closed): Policy module isn't reloaded when upgrading RPM
The RPM postinstall scriptlet doesn't appear to reload the new module into the SELinux policy when the package is upg... Dominic Cleal
12:01 PM Bug #7198 (Closed): Socket read and write on RHEL7
Applied in changeset commit:0a4d60fa15ba718948f2cb823c826617b69d25fa. Anonymous
11:43 AM Revision 0a4d60fa: Fixes #7198 - allowed httpd_t to read/write to passenger socket
Lukas Zapletal

09/04/2014

03:22 AM Bug #7346 (Ready For Testing): Foreman can't connect to OpenStack port 5000
The Foreman Bot
03:12 AM Bug #7346 (Closed): Foreman can't connect to OpenStack port 5000
... Lukas Zapletal

08/27/2014

02:43 PM Tracker #7249: Policy with workarounds for Foreman w/ Katello
Just for the record this one:... Lukas Zapletal
11:07 AM Tracker #7249: Policy with workarounds for Foreman w/ Katello
Leaked file descriptor of EPEL6 puppet:... Lukas Zapletal
09:56 AM Bug #6316: Break up foreman, puppetmaster and passenger domains
Removing the blocker Satellite 6.0.4 bugzilla from this refactoring effort. This will be done asynchronously since th... Lukas Zapletal

08/26/2014

04:09 AM Feature #4464 (Ready For Testing): Implement SELinux policy for smart-proxy
The Foreman Bot
03:45 AM Bug #7193 (Pending): Katello does not install due to qpidd policy bug
Dominic Cleal
03:44 AM Bug #7250 (Duplicate): Remove sysvinit executable rule in Katello
Dominic Cleal

08/25/2014

01:14 PM Tracker #7249: Policy with workarounds for Foreman w/ Katello
This issue #7178
allow passenger_t self:process execmem;
has been merged upstream but I am going to revert ... Lukas Zapletal
12:28 PM Tracker #7249: Policy with workarounds for Foreman w/ Katello
This rule is required for RHEL 7.0 (without SELinux upcoming errata):
auth_read_passwd(qpidd_t)
https://git... Lukas Zapletal
11:41 AM Tracker #7249: Policy with workarounds for Foreman w/ Katello
This rule is needed for foreman-tasks (#7198):
allow passenger_t httpd_t:unix_stream_socket {read write};
... Lukas Zapletal
11:39 AM Tracker #7249 (Closed): Policy with workarounds for Foreman w/ Katello
There are several workarounds that needs to be solved to get Foreman with Katello working on RHEL6 and RHEL7. I want ... Lukas Zapletal
11:51 AM Bug #7250 (Duplicate): Remove sysvinit executable rule in Katello
Since ping controller no longer execute @/etc/init.d/delayed-jobs@ the rule that allows this can be removed.
https... Lukas Zapletal

08/21/2014

10:39 AM Bug #7198: Socket read and write on RHEL7
Correcting the AVC:... Lukas Zapletal
10:26 AM Bug #7198 (Ready For Testing): Socket read and write on RHEL7
Dominic Cleal
09:38 AM Bug #7198 (Closed): Socket read and write on RHEL7
... Lukas Zapletal
10:26 AM Bug #7193 (Ready For Testing): Katello does not install due to qpidd policy bug
Dominic Cleal
06:16 AM Bug #7193 (Assigned): Katello does not install due to qpidd policy bug
Lukas Zapletal
06:10 AM Bug #7193 (Rejected): Katello does not install due to qpidd policy bug
This is temporary workaround until https://bugzilla.redhat.com/show_bug.cgi?id=1130086 is resolved. Lukas Zapletal
06:21 AM Bug #7178: Allow passenger_t to EXECMEM
Investigating if daemons gem (used by foreman-tasks) does not cause that. Lukas Zapletal

08/20/2014

05:01 PM Bug #7178 (Closed): Allow passenger_t to EXECMEM
Applied in changeset commit:d867377e56451fc43030a30958499d34e6f4e485. Anonymous
04:36 PM Bug #7178: Allow passenger_t to EXECMEM
Scratch that for RHEL7, after investigation from this evening with Jason and Og, it turns out it is not passenger but... Lukas Zapletal
11:17 AM Bug #7178 (Closed): Allow passenger_t to EXECMEM
It was confirmed by our QA department that our application does work file in Enforcing. Lukas Zapletal
04:47 PM Revision d5e80cf1: Merge pull request #28 from lzap/execmem-7178
Fixes #7178 - allowed passenger_t to execmem Lukas Zapletal
04:45 PM Revision d867377e: Fixes #7178 - allowed passenger_t to execmem
Foreman-tasks wont start on RHEL7 Lukas Zapletal

08/15/2014

10:48 AM Feature #4464 (Assigned): Implement SELinux policy for smart-proxy
Dominic Cleal
10:16 AM Feature #4464 (Ready For Testing): Implement SELinux policy for smart-proxy
The Foreman Bot

08/12/2014

01:58 PM Bug #7034: Fix relabel script on RHEL7
In that case add it to release notes. This is big! ;-) Lukas Zapletal
11:01 AM Bug #7034 (Closed): Fix relabel script on RHEL7
Applied in changeset commit:7b9410507203c9c5f58283bc39f5da8ee8a92608. Anonymous
05:23 AM Bug #7034 (Ready For Testing): Fix relabel script on RHEL7
https://github.com/theforeman/foreman-selinux/pull/26 Lukas Zapletal
04:34 AM Bug #7034 (Closed): Fix relabel script on RHEL7
A downstream bug was reported with some denials which has been fixed already upstream, but it looks like /var/run/for... Lukas Zapletal
11:01 AM Bug #7036 (Closed): Allow creation of log files for Foreman Rails app
Applied in changeset commit:e842477295ed731377f3f43c5b8f84634b6f47a2. Anonymous
05:23 AM Bug #7036 (Ready For Testing): Allow creation of log files for Foreman Rails app
https://github.com/theforeman/foreman-selinux/pull/26 Lukas Zapletal
05:15 AM Bug #7036 (Closed): Allow creation of log files for Foreman Rails app
It looks like our Rails app also creates new log files there. We only allow reads and writes.... Lukas Zapletal
11:01 AM Bug #6979 (Closed): Policy does not load on EL7 due to consoletype_exec_t dependency
Applied in changeset commit:7a59c90304ef32a67457a8071bbda07d161b6236. Anonymous
11:01 AM Bug #6014 (Closed): AVC denials from Puppet under Passenger on Foreman 1.6 on EL7
Applied in changeset commit:7a59c90304ef32a67457a8071bbda07d161b6236. Anonymous
11:01 AM Bug #6013 (Closed): AVC denials from Passenger on Foreman 1.6 on EL7
Applied in changeset commit:7a59c90304ef32a67457a8071bbda07d161b6236. Anonymous
10:11 AM Revision e8424772: Fixes #7036 - allow log files creation for Rails app
Lukas Zapletal
10:11 AM Revision 7b941050: Fixes #7034 - added RHEL7 support to relabel script
Lukas Zapletal
10:11 AM Revision 7a59c903: Fixes #6013, #6014, #6979 - changes for RHEL7
Lukas Zapletal
 

Also available in: Atom