Project

General

Profile

Bug #18284

foreman-selinux is conflicting with container-selinux

Added by Daniel Lobato Garcia about 6 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Daniel Lobato Garcia
Category:
Compute resources
Target version:
1.15.4
Difficulty:
Triaged:
Bugzilla link:
1414821
Pull request:
https://github.com/theforeman/foreman-selinux/pull/68, https://github.com/theforeman/foreman-selinux/pull/72, https://github.com/theforeman/foreman-selinux/pull/66
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1414821
Description of problem:
foreman-selinux is conflicting with container-selinux
If you install foreman-selinux first then container-selinux module load fails and vice-versa. If you install container-selinux first then foreman-selinux module load fails.

Version-Release number of selected component (if applicable):
@Sat6.2.7
(generally all sat version, but lets stick to 6.2)
foreman-selinux-1.11.0.2-1.el7sat

How reproducible:
Always on RHEL7.3

Steps to Reproduce:
1. Install docker (with its container-selinux)
2. Install Satellite (with its foreman-selinux)

  1. yum install foreman-selinux
    ...

Re-declaration of type docker_port_t <<< this is the issue
Failed to create node
Bad type declaration at /etc/selinux/targeted/tmp/modules/400/foreman/cil:27
OSError: Error
ValueError: Type elasticsearch_port_t is invalid, must be a port type
warning: %post(foreman-selinux-1.11.0.2-1.el7sat.noarch) scriptlet failed, exit status 1
Non-fatal POSTIN scriptlet failure in rpm package foreman-selinux-1.11.0.2-1.el7sat.noarch

  1. semanage fcontext -l | grep foreman
    /opt/theforeman/tfm/root = /

all? most? of foreman selinux types are missing due to conflict

Actual results:
conflicting selinux modules

Expected results:
modules are able to cope together

Associated revisions

Revision c1669217 (diff)
Added by Lukas Zapletal over 5 years ago

Fixes #18284 - removed docker_t port

Revision 1afe719c (diff)
Added by Lukas Zapletal over 5 years ago

Refs #18284 - added foreman_container_port_t

History

#1 Updated by Dominic Cleal about 6 years ago

  • Category set to Compute resources
  • Assignee deleted (Lukas Zapletal)

#2 Updated by The Foreman Bot about 6 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Daniel Lobato Garcia
  • Pull request https://github.com/theforeman/foreman-selinux/pull/66 added

#3 Updated by Daniel Lobato Garcia about 6 years ago

  • Target version set to 1.11.0

#4 Updated by The Foreman Bot over 5 years ago

  • Pull request https://github.com/theforeman/foreman-selinux/pull/68 added

#5 Updated by Daniel Lobato Garcia over 5 years ago

  • Legacy Backlogs Release (now unused) set to 287

#6 Updated by Lukas Zapletal over 5 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#7 Updated by The Foreman Bot over 5 years ago

  • Pull request https://github.com/theforeman/foreman-selinux/pull/72 added

Also available in: Atom PDF