Project

General

Profile

Bug #32023

Denial when installing on CentOS 8 Stream

Added by Lukas Zapletal about 2 months ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Assignee:
Lukas Zapletal
Category:
General Foreman
Target version:
Foreman - 2.4.0
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman-selinux/pull/125
Fixed in Releases:
Foreman - 2.4.0
Found in Releases:

Description

There is the following denial on CO8Stream:

type=AVC msg=audit(1614873402.173:1566): avc: denied { getattr } for pid=30429 comm="httpd" path="/etc/puppetlabs/puppet/ssl/certs/centos8-stream-foreman-nightly.wisse.example.com.pem" dev="vda1" ino=33568393 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:puppet_etc_t:s0 tclass=file permissive=0

This drills down to a problem with a different rule - ipa-selinux don't need to be installed by default and thus relevant macro will not expand correctly.

Associated revisions

Revision 2796f13f (diff)
Added by Lukas Zapletal about 1 month ago

Fixes #32023 - make ipa macro optional

Revision 82fe697c (diff)
Added by Lukas Zapletal about 1 month ago

Fixes #32023 - logging, puppet, tftp, abrt optional

History

#1 Updated by The Foreman Bot about 2 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman-selinux/pull/125 added

#2 Updated by The Foreman Bot about 1 month ago

  • Fixed in Releases 2.5.0 added

#3 Updated by Ewoud Kohl van Wijngaarden about 1 month ago

  • Target version set to 2.4.0

I think this is a good candidate for a cherry pick to 2.4 which would likely be the first version to support Stream.

#4 Updated by Anonymous about 1 month ago

  • Status changed from Ready For Testing to Closed

#5 Updated by Tomer Brisker about 1 month ago

  • Fixed in Releases 2.4.0 added
  • Fixed in Releases deleted (2.5.0)

Also available in: Atom PDF