[katello-devel] Katello, Foreman and SELinux

Miroslav Grepl mgrepl at redhat.com
Wed Dec 5 09:14:51 UTC 2012


On 11/29/2012 02:06 PM, Miroslav Grepl wrote:
> On 11/28/2012 05:40 PM, Bryan Kearney wrote:
>> On 11/28/2012 08:19 AM, Miroslav Grepl wrote:
>>> On 11/28/2012 02:15 PM, Miroslav Suchy wrote:
>>>> On 28.11.2012 13:46, Lukas Zapletal wrote:
>>>>> If we would like to confine thin processes (or perhaps mod_passenger
>>>>> processes) for both Katello and Foreman, we would need to extend our
>>>>> policy with this and also use the thin_t context as a template:
>>>>
>>>> Personally I would not spend time on confining thin.
>>>>
>>>> What about finishing:
>>>> https://github.com/Katello/katello/pull/1041
>>>>
>>>> We can import selinux-policy package from RHEL6.4 Alpha into rhel6
>>>> thirdparty temporarily. And hopefully finish it.
>>>>
>>>> This would save us a lot of work.
>>>>
>>>> Hmm, and even without it... can we use selinux transitions?
>>>>
>>>> http://danwalsh.livejournal.com/23944.html
>>>>
>>>> Mirek
>>>>
>>>> _______________________________________________
>>>> katello-devel mailing list
>>>> katello-devel at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/katello-devel
>>> The problem is we have different thin policies for RHEL6 against
>>> Fedora17+. It just works in RHEL6 because we have
>>>
>>> optional_policy(`
>>> unconfined_domain(thin_t)
>>> ')
>> Can we add this for F17?
> Well, the F17+ thin policy is different. We don't want to make thin_t 
> as unconfined. It could mask real issues like this and we want to know 
> if there is a project which uses thin and needs a new thin policy.
>
> We did the same for aeolus-configserver and it works fine now. So I 
> believe we can do it also for Foreman together ;-).
>>
>> -- bk
>>
>>
I wrote the following blog which could help you.

http://mgrepl.wordpress.com/2012/11/30/how-would-tools-like-paster-work-with-selinux-thin-story/



