Project

General

Profile

Bug #7098

Improve selinux reporting in foreman-debug

Added by Lukas Zapletal about 5 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Category:
Packaging
Target version:
Difficulty:
Triaged:
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

We already added some information to foreman-debug (grep AVC and audit2allow).

Unfortunately when selinux interfaces are not installed and generated, -R option can fail:

COMMAND> audit2allow -R < /var/log/audit/audit.log

could not open interface info [/var/lib/sepolgen/interface_info]

I am going to fix this:

  • instead of grep AVC we will do sesearch -m AVC which gives nicer overview including SYSCALL lines
  • instead audit2allow -R we will try to generate interfaces and if that fails we will do audit2allow without the -R option

Associated revisions

Revision 80cc99f4 (diff)
Added by Lukas Zapletal almost 5 years ago

Fixes #7098 - better selinux reporting in foreman-debug

History

#1 Updated by The Foreman Bot about 5 years ago

  • Status changed from Assigned to Ready For Testing
  • Target version set to 1.7.5
  • Pull request https://github.com/theforeman/foreman/pull/1691 added
  • Pull request deleted ()

#2 Updated by Lukas Zapletal about 5 years ago

  • Category set to Packaging

#3 Updated by Dmitri Dolguikh almost 5 years ago

  • Target version changed from 1.7.5 to 1.7.4

#4 Updated by Lukas Zapletal almost 5 years ago

  • Bugzilla link set to 1134737

#5 Updated by Dmitri Dolguikh almost 5 years ago

  • Target version changed from 1.7.4 to 1.7.3

#6 Updated by Dominic Cleal almost 5 years ago

  • Target version changed from 1.7.3 to 1.7.2

#7 Updated by Lukas Zapletal almost 5 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#8 Updated by Daniel Lobato Garcia almost 5 years ago

  • Legacy Backlogs Release (now unused) set to 21

f

Also available in: Atom PDF