Bug #7098
Improve selinux reporting in foreman-debug
Description
We already added some information to foreman-debug (grep AVC and audit2allow).
Unfortunately when selinux interfaces are not installed and generated, -R option can fail:
COMMAND> audit2allow -R < /var/log/audit/audit.log could not open interface info [/var/lib/sepolgen/interface_info]
I am going to fix this:
- instead of grep AVC we will do sesearch -m AVC which gives nicer overview including SYSCALL lines
- instead audit2allow -R we will try to generate interfaces and if that fails we will do audit2allow without the -R option
Associated revisions
History
#1
Updated by The Foreman Bot almost 8 years ago
Updated by - Status changed from Assigned to Ready For Testing
- Target version set to 1.7.5
- Pull request https://github.com/theforeman/foreman/pull/1691 added
- Pull request deleted (
)
#2
Updated by Lukas Zapletal almost 8 years ago
Updated by - Category set to Packaging
#3
Updated by Dmitri Dolguikh almost 8 years ago
Updated by - Target version changed from 1.7.5 to 1.7.4
#4
Updated by Lukas Zapletal almost 8 years ago
- Bugzilla link set to 1134737
#5
Updated by Dmitri Dolguikh almost 8 years ago
- Target version changed from 1.7.4 to 1.7.3
#6
Updated by Dominic Cleal over 7 years ago
Updated by - Target version changed from 1.7.3 to 1.7.2
#7
Updated by Lukas Zapletal over 7 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset 80cc99f4b0d0af0afdba8def1256b37c4862430f.
#8
Updated by Daniel Lobato Garcia over 7 years ago
Updated by - Legacy Backlogs Release (now unused) set to 21
f
Fixes #7098 - better selinux reporting in foreman-debug