Project

Profile

Help

Task #843

Make pulp-selinux versioned independently from pulp-server

Added by bmbouter over 4 years ago. Updated 6 months ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:

0%

Platform Release:
Blocks Release:
Backwards Incompatible:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2, SELinux
QA Contact:
Complexity:
Smash Test:
Verified:
No
Verification Required:
No
Sprint:

Description

The pulp-selinux policy should no longer be lock-step versioned with platform. By doing this pulp-selinux would only be upgraded if it is actually needed. Currently, even if the policy is the same between two versions of pulp, the pulp-selinux package is uninstalled and installed. This takes time even with the recent improvements in restorecon statements run at upgrade time.

This versioning should be independent at the rpm level so that when it is included as a dependency of pulp-server yum will recognize that the package is already installed if the version has not changed during a pulp-server upgrade. This likely will include moving the selinux things to its own spec file. Also inside the rpm, there are two SELinux policies named: pulp-server and pulp-celery. These also carry version information, and should match the version of the rpm that contains them. Today that is the case, but they all are set by the

There are still some open questions:
(1) Is moving the pulp-selinux definition to its own spec file the right thing to do or could we manage independent versions out of one spec file.
(2) Should the selinux code be moved into its own repo and treated like an independently versioned plugin? The builder could pull in the right version.
(3) How should users report SELinux issues? What version would they set? The pulp version where they experience the issue or the SELinux version directly?

We should be sure that whatever we do, we don't make it harder to resolve #97.


Related issues

Related to Pulp - Story #97: As a contributor, I rest easy knowing SELinux is Enforcing in the Pulp3 Vagrant environment NEW Actions

History

#1 Updated by bmbouter over 4 years ago

  • Related to Story #97: As a contributor, I rest easy knowing SELinux is Enforcing in the Pulp3 Vagrant environment added

#2 Updated by bmbouter over 4 years ago

  • Tags deleted (Security)

#3 Updated by bmbouter over 3 years ago

  • Parent task set to #1826

#4 Updated by bmbouter over 3 years ago

  • Related to deleted (Story #97: As a contributor, I rest easy knowing SELinux is Enforcing in the Pulp3 Vagrant environment)

#5 Updated by bmbouter over 3 years ago

  • Related to Story #97: As a contributor, I rest easy knowing SELinux is Enforcing in the Pulp3 Vagrant environment added

#6 Updated by bmbouter over 3 years ago

  • Tags SELinux added

#7 Updated by bmbouter over 3 years ago

  • Parent task deleted (#1826)

#8 Updated by bmbouter 6 months ago

  • Status changed from NEW to CLOSED - WONTFIX

#9 Updated by bmbouter 6 months ago

Pulp 2 is approaching maintenance mode, and this Pulp 2 ticket is not being actively worked on. As such, it is being closed as WONTFIX. Pulp 2 is still accepting contributions though, so if you want to contribute a fix for this ticket, please reopen or comment on it. If you don't have permissions to reopen this ticket, or you want to discuss an issue, please reach out via the developer mailing list.

#10 Updated by bmbouter 6 months ago

  • Tags Pulp 2 added

Please register to edit this issue

Also available in: Atom PDF