Issue #6048

closed

SELinux policy won't install on CentOS 7

Added by bmbouter about 4 years ago. Updated almost 4 years ago.

Status: CLOSED - CURRENTRELEASE
Priority: Normal
Assignee:
Category: -
Sprint/Milestone: -
Start date:
Due date:
Estimated time:
Severity: 2. Medium
Version:
Platform Release:
OS:
Triaged: Yes
Groomed: No
Sprint Candidate: No
Tags: Katello, SELinux
Sprint: Sprint 65
Quarter:

Description

I follow the directions here on a fresh, up-to-date CentOS 7 box: https://github.com/pulp/pulpcore-selinux

The policy compiles but fails to install. It says: Failed to resolve typeattributeset statement at /etc/selinux/targeted/tmp/modules/400/pulpcore/cil:52

Here is how I reproduce:

[vagrant@centos7 pulpcore-selinux]$ make clean
rm -f *~  *.tc *.pp *.pp.bz2
rm -rf tmp *.tar.gz
[vagrant@centos7 pulpcore-selinux]$ sudo make
make -f /usr/share/selinux/devel/Makefile pulpcore.pp
make[1]: Entering directory `/home/vagrant/pulpcore-selinux'
Compiling targeted pulpcore module
pulpcore.te:63: Warning: miscfiles_read_certs() has been deprecated, please use miscfiles_read_generic_certs() instead.
/usr/bin/checkmodule:  loading policy configuration from tmp/pulpcore.tmp
/usr/bin/checkmodule:  policy configuration loaded
/usr/bin/checkmodule:  writing binary representation (version 19) to tmp/pulpcore.mod
Creating targeted pulpcore.pp policy package
rm tmp/pulpcore.mod tmp/pulpcore.mod.fc
make[1]: Leaving directory `/home/vagrant/pulpcore-selinux'
Compressing pulpcore.pp -> pulpcore.pp.bz2
bzip2 -9 pulpcore.pp
[vagrant@centos7 pulpcore-selinux]$ sudo make install-policy
semodule -i pulpcore.pp.bz2
Failed to resolve typeattributeset statement at /etc/selinux/targeted/tmp/modules/400/pulpcore/cil:52
semodule:  Failed!
make: *** [install-policy] Error 1

Actions #1

Updated by bmbouter about 4 years ago

  • Tags Katello-P2 added

Adding P2 label since that is what SELinux blockers for Katello are labeled as currently.

Actions #2

Updated by fao89 about 4 years ago

  • Triaged changed from No to Yes
  • Sprint set to Sprint 65

Actions #3

Updated by bmbouter about 4 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to bmbouter

Added by Nikola Knazekova about 4 years ago

Revision 07ce0ec7 | View on GitHub

Update README and pulpcore.te

Changed building and installing steps in README:

  • Pulp_port module has to be installed first, except for Fedora 31 and Fedora Rawhide in which pulp_port type is included in the base SELinux policy.
  • The SELinux policy for Pulp was this way successfully installed on Fedora 30, Fedora 31, Fedora Rawhide, RHEL 7.5, RHEL 7.8, RHEL 8.0, RHEL 8.1 and RHEL 8.2 Beta.

Update pulpcore.te file:

  • miscfiles_read_certs() replaced by miscfiles_read_generic_certs(), because miscfiles_read_certs() has been deprecated.

Fixed: https://pulp.plan.io/issues/6048

Actions #4

Updated by bmbouter about 4 years ago

  • Status changed from ASSIGNED to CLOSED - CURRENTRELEASE

The changes merged to the policy now install correctly for me on both Fedora 31 and CentOS 7.

Actions #5

Updated by ggainey almost 4 years ago

  • Tags Katello added
  • Tags deleted (Katello-P2)
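
The following is an added example, not code from pulpcore-selinux or from anyone in this thread: it maps the semodule error in the description to the statement at the reported CIL line and, when that line is a generated require, names the type or role the loaded policy lacks. The CIL sample is constructed, and `pulp_port_t` is an assumed name for the "pulp_port type" in the commit message; real CIL for a package can be produced with `/usr/libexec/selinux/hll/pp`.

```python
import re

# semodule's message: "Failed to resolve <kind> statement at <store path>:<line>"
ERR_RE = re.compile(r"Failed to resolve (\w+) statement at (\S+):(\d+)")
# Form the pp-to-CIL converter emits for each type/role a module only *requires*
REQ_RE = re.compile(r"\((type|role)attributeset\s+cil_gen_require\s+([^\s()]+)\)")


def parse_error(message):
    """Return kind, module, priority and line from a semodule resolve error."""
    m = ERR_RE.search(message)
    if m is None:
        raise ValueError("not a CIL resolve error: %r" % message)
    kind, path, line = m.group(1), m.group(2), int(m.group(3))
    # Store layout: .../modules/<priority>/<module name>/cil
    parts = path.split("/")
    if len(parts) < 4 or parts[-1] != "cil" or not parts[-3].isdigit():
        raise ValueError("unexpected module store path: %r" % path)
    return {"kind": kind, "module": parts[-2],
            "priority": int(parts[-3]), "line": line}


def diagnose(message, cil_text):
    """Map the error to its CIL statement and name the unmet requirement."""
    info = parse_error(message)
    lines = cil_text.splitlines()
    if not 1 <= info["line"] <= len(lines):
        raise ValueError("CIL has %d lines, error points at line %d"
                         % (len(lines), info["line"]))
    stmt = lines[info["line"] - 1].strip()
    req = REQ_RE.fullmatch(stmt)
    info["statement"] = stmt
    # None means the line is not a generated require; inspect it by hand.
    info["missing"] = req.group(2) if req else None
    return info


# Error text copied from the issue description.
ERROR = ("Failed to resolve typeattributeset statement at "
         "/etc/selinux/targeted/tmp/modules/400/pulpcore/cil:52")
# Constructed CIL: the page does not show the real line 52, and pulp_port_t is
# a hypothetical name for the "pulp_port type" mentioned in the commit message.
SAMPLE_CIL = "\n".join(["; constructed filler"] * 51
                       + ["(typeattributeset cil_gen_require pulp_port_t)"])

if __name__ == "__main__":
    print(diagnose(ERROR, SAMPLE_CIL))
```

A non-`None` `missing` value means the module requires a name that must already exist in the loaded policy, which matches the commit's instruction to install the pulp_port module before the pulpcore policy.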
