Bug #32023
Denial when installing on CentOS 8 Stream
Description
There is the following denial on CO8Stream:
type=AVC msg=audit(1614873402.173:1566): avc: denied { getattr } for pid=30429 comm="httpd" path="/etc/puppetlabs/puppet/ssl/certs/centos8-stream-foreman-nightly.wisse.example.com.pem" dev="vda1" ino=33568393 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:puppet_etc_t:s0 tclass=file permissive=0
This drills down to a problem with a different rule - ipa-selinux don't need to be installed by default and thus relevant macro will not expand correctly.
Associated revisions
Fixes #32023 - logging, puppet, tftp, abrt optional
History
#1
Updated by The Foreman Bot about 2 months ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman-selinux/pull/125 added
#2
Updated by The Foreman Bot about 1 month ago
- Fixed in Releases 2.5.0 added
#3
Updated by Ewoud Kohl van Wijngaarden about 1 month ago
- Target version set to 2.4.0
I think this is a good candidate for a cherry pick to 2.4 which would likely be the first version to support Stream.
#4
Updated by Anonymous about 1 month ago
- Status changed from Ready For Testing to Closed
Applied in changeset 2796f13f1ea3802eaa03a8875d58ae8aeb931045.
#5
Updated by Tomer Brisker about 1 month ago
- Fixed in Releases 2.4.0 added
- Fixed in Releases deleted (
2.5.0)
Fixes #32023 - make ipa macro optional