Bug #18284

foreman-selinux is conflicting with container-selinux

Added by Daniel Lobato Garcia about 1 year ago. Updated 4 months ago.

Assigned To:Daniel Lobato Garcia
Category:Compute resources
Target version:Foreman - Team Daniel - Iteration 9
Difficulty: Bugzilla link:1414821
Found in release: Pull request:https://github.com/theforeman/foreman-selinux/pull/72, https://github.com/theforeman/foreman-selinux/pull/66, https://github.com/theforeman/foreman-selinux/pull/68
Story points-
Velocity based estimate-
Release1.15.4Release relationshipAuto


Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1414821
Description of problem:
foreman-selinux is conflicting with container-selinux
If you install foreman-selinux first then container-selinux module load fails and vice-versa. If you install container-selinux first then foreman-selinux module load fails.

Version-Release number of selected component (if applicable):
(generally all sat version, but lets stick to 6.2)

How reproducible:
Always on RHEL7.3

Steps to Reproduce:
1. Install docker (with its container-selinux)
2. Install Satellite (with its foreman-selinux)

  1. yum install foreman-selinux

Re-declaration of type docker_port_t <<< this is the issue
Failed to create node
Bad type declaration at /etc/selinux/targeted/tmp/modules/400/foreman/cil:27
OSError: Error
ValueError: Type elasticsearch_port_t is invalid, must be a port type
warning: %post(foreman-selinux- scriptlet failed, exit status 1
Non-fatal POSTIN scriptlet failure in rpm package foreman-selinux-

  1. semanage fcontext -l | grep foreman
    /opt/theforeman/tfm/root = /

all? most? of foreman selinux types are missing due to conflict

Actual results:
conflicting selinux modules

Expected results:
modules are able to cope together

Associated revisions

Revision c1669217
Added by Lukas Zapletal 7 months ago

Fixes #18284 - removed docker_t port

Revision 1afe719c
Added by Lukas Zapletal 4 months ago

Refs #18284 - added foreman_container_port_t


#1 Updated by Dominic Cleal about 1 year ago

  • Category set to Compute resources
  • Assigned To deleted (Lukas Zapletal)

#2 Updated by The Foreman Bot about 1 year ago

  • Status changed from New to Ready For Testing
  • Assigned To set to Daniel Lobato Garcia
  • Pull request https://github.com/theforeman/foreman-selinux/pull/66 added

#3 Updated by Daniel Lobato Garcia about 1 year ago

  • Target version set to Team Daniel - Iteration 9

#4 Updated by The Foreman Bot 7 months ago

  • Pull request https://github.com/theforeman/foreman-selinux/pull/68 added

#5 Updated by Daniel Lobato Garcia 7 months ago

  • Release set to 1.15.4

#6 Updated by Lukas Zapletal 7 months ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#7 Updated by The Foreman Bot 5 months ago

  • Pull request https://github.com/theforeman/foreman-selinux/pull/72 added

Also available in: Atom PDF