Task #7574: pulp_installer should compile & install the pulpcore-selinux policy when no paths are changed - Pulp

Actions

Send by e-mail Copy link

Task #7574

closed

Story #7043: As a user, I have pulp_installer compile and install the pulpcore-selinux policy

pulp_installer should compile & install the pulpcore-selinux policy when no paths are changed

Added by mdepaulo@redhat.com over 2 years ago. Updated over 2 years ago.

Status:

CLOSED - CURRENTRELEASE

Priority:

Normal

Assignee:

mdepaulo@redhat.com

Category:

Installer - Moved to GitHub issues

Sprint/Milestone:

3.8.0

Start date:

Due date:

% Done:

100%

Estimated time:

Platform Release:

Groomed:

Sprint Candidate:

Tags:

Sprint:

Sprint 82

Quarter:

Description

This task is to implement the majority of the logic for compiling & installing the pulpcore-selinux policy.

It will assume that path variables will not be changed. (Address in another change)

It will install the policies regardless of what set of plugins are installed. (This design is TBD.)

It will not cover any weird corner cases either.

Added by Mike DePaulo over 2 years ago

Revision d66908e7

As a user, I have pulp_installer compile and install the pulpcore-selinux policy

Applies to RedHat only.

Does not support for users overrding the folderpaths yet.

Implementation includes:

Use make with the Makefile from the repo.2
__pulp_selinux_policy_pkgs tracks the 3 policy package names from pulpcore-selinux.
Install the compiled policy packages to /usr/local/share/selinux/ .
Apply the SELinux type to the ports, read from pulp_api_bind and pulp_content_bind .
Clone from github pulp org via https. Currently master branch. This can be overriden via __pulp_selinux_repo & +__pulp_selinux_version.
Thorough handler logic on when to relabel the files on disk.

fixes: #7574