Bug #32023
Denial when installing on CentOS 8 Stream
Description
There is the following denial on CO8Stream:
type=AVC msg=audit(1614873402.173:1566): avc: denied { getattr } for pid=30429 comm="httpd" path="/etc/puppetlabs/puppet/ssl/certs/centos8-stream-foreman-nightly.wisse.example.com.pem" dev="vda1" ino=33568393 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:puppet_etc_t:s0 tclass=file permissive=0
This drills down to a problem with a different rule - ipa-selinux don't need to be installed by default and thus relevant macro will not expand correctly.
Associated revisions
Fixes #32023 - logging, puppet, tftp, abrt optional
History
#1
Updated by The Foreman Bot 7 months ago
Updated by - Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman-selinux/pull/125 added
#2
Updated by The Foreman Bot 7 months ago
- Fixed in Releases 2.5.0 added
#3
Updated by Ewoud Kohl van Wijngaarden 7 months ago
Updated by - Target version set to 2.4.0
I think this is a good candidate for a cherry pick to 2.4 which would likely be the first version to support Stream.
#4
Updated by Anonymous 7 months ago
- Status changed from Ready For Testing to Closed
Applied in changeset 2796f13f1ea3802eaa03a8875d58ae8aeb931045.
#5
Updated by Tomer Brisker 7 months ago
Updated by - Fixed in Releases 2.4.0 added
- Fixed in Releases deleted (
2.5.0)
#6
Updated by Tomer Brisker 4 months ago
- Target version changed from 2.4.0 to 2.3.5
#7
Updated by Tomer Brisker 4 months ago
- Fixed in Releases 2.3.5 added
Fixes #32023 - make ipa macro optional