Project

Profile

Help

Task #7574

Story #7043: As a user, I have pulp_installer compile and install the pulpcore-selinux policy

pulp_installer should compile & install the pulpcore-selinux policy when no paths are changed

Added by mdepaulo@redhat.com about 1 year ago. Updated about 1 year ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Category:
Installer - Moved to GitHub issues
Sprint/Milestone:
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 82
Quarter:

Description

This task is to implement the majority of the logic for compiling & installing the pulpcore-selinux policy.

It will assume that path variables will not be changed. (Address in another change)

It will install the policies regardless of what set of plugins are installed. (This design is TBD.)

It will not cover any weird corner cases either.

Associated revisions

Revision d66908e7 View on GitHub
Added by Mike DePaulo about 1 year ago

As a user, I have pulp_installer compile and install the pulpcore-selinux policy

Applies to RedHat only.

Does not support for users overrding the folderpaths yet.

Implementation includes:

  1. Use make with the Makefile from the repo.2
  2. __pulp_selinux_policy_pkgs tracks the 3 policy package names from pulpcore-selinux.
  3. Install the compiled policy packages to /usr/local/share/selinux/ .
  4. Apply the SELinux type to the ports, read from pulp_api_bind and pulp_content_bind .
  5. Clone from github pulp org via https. Currently master branch. This can be overriden via __pulp_selinux_repo & +__pulp_selinux_version.
  6. Thorough handler logic on when to relabel the files on disk.

fixes: #7574

Revision d66908e7 View on GitHub
Added by Mike DePaulo about 1 year ago

As a user, I have pulp_installer compile and install the pulpcore-selinux policy

Applies to RedHat only.

Does not support for users overrding the folderpaths yet.

Implementation includes:

  1. Use make with the Makefile from the repo.2
  2. __pulp_selinux_policy_pkgs tracks the 3 policy package names from pulpcore-selinux.
  3. Install the compiled policy packages to /usr/local/share/selinux/ .
  4. Apply the SELinux type to the ports, read from pulp_api_bind and pulp_content_bind .
  5. Clone from github pulp org via https. Currently master branch. This can be overriden via __pulp_selinux_repo & +__pulp_selinux_version.
  6. Thorough handler logic on when to relabel the files on disk.

fixes: #7574

History

#1 Updated by Anonymous about 1 year ago

  • Status changed from NEW to MODIFIED
  • % Done changed from 0 to 100

#2 Updated by ttereshc about 1 year ago

  • Sprint/Milestone set to 3.8.0

#3 Updated by ttereshc about 1 year ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Please register to edit this issue

Also available in: Atom PDF