Bug #6316
closed
Break up foreman, puppetmaster and passenger domains
Description
Currently due to limitations of older versions of passenger, we run both foreman and puppetmaster under passenger_t domain. Also we modify passenger policy from selinux core a bit to fix few bugs.
We would like to introduce wrapper scripts and start both foreman and puppetmaster passenger processes under their own domains.
Part of this effort is to work with selinux team to backport this to RHEL6. They should be able to help us with this since passenger is not currently in RHEL6 (only older version 3.0 in EPEL6), but the policy is present. We might be asked to bump passenger version in EPEL6 first to version 4.0 which allows us to do the wrapping trick.
This task will need some time to test this in foreman community, fedora community and in RHEL6 too.
Updated by Lukas Zapletal almost 10 years ago
- Related to Bug #3080: Installing puppetmaster with passenger without foreman causes AVC denials added
Updated by Lukas Zapletal almost 10 years ago
- Bugzilla link set to https://bugzilla.redhat.com/show_bug.cgi?id=1111567
Updated by Lukas Zapletal almost 10 years ago
- Target version set to 1.8.1
Github integration! Whooo.
Updated by Anonymous almost 10 years ago
- Target version changed from 1.8.1 to 1.8.0
Updated by Anonymous over 9 years ago
- Target version changed from 1.8.0 to 1.7.5
Updated by Lukas Zapletal over 9 years ago
- Target version deleted (
1.7.5)
Moving this off the sprint, I want to work on that later.
Updated by Lukas Zapletal over 9 years ago
Reminder: The packaging part is here: https://github.com/theforeman/foreman-packaging/pull/275
Updated by Lukas Zapletal over 9 years ago
- Bugzilla link deleted (
1111567)
Removing the blocker Satellite 6.0.4 bugzilla from this refactoring effort. This will be done asynchronously since the amount of changes and risk is high.
Updated by Lukas Zapletal almost 4 years ago
- Status changed from New to Resolved
I am doing a cleanup of old SELinux bug reports. We are removing puppetmaster policy based on passenger_t, most of these bugs were related to that.