Bug #6316

closed

Break up foreman, puppetmaster and passenger domains

Added by Lukas Zapletal about 11 years ago. Updated about 5 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Packaging
Target version: -
Difficulty: medium
Triaged: No
Fixed in Releases:
Found in Releases:

Description

Currently, due to limitations of older versions of passenger, we run both foreman and puppetmaster under the passenger_t domain. We also modify the passenger policy from selinux core a bit to fix a few bugs.

We would like to introduce wrapper scripts and start both foreman and puppetmaster passenger processes under their own domains.

Part of this effort is to work with the selinux team to backport this to RHEL6. They should be able to help us with this since passenger is not currently in RHEL6 (only the older version 3.0 in EPEL6), but the policy is present. We might be asked to bump the passenger version in EPEL6 to version 4.0 first, which allows us to do the wrapping trick.

This task will need some time to test in the foreman community, the fedora community and in RHEL6 too.


Related issues 1 (0 open, 1 closed)

Related to Installer - Bug #3080: Installing puppetmaster with passenger without foreman causes AVC denials (Closed)
