Project

Profile

Help

Task #843

closed

Make pulp-selinux versioned independently from pulp-server

Added by bmbouter almost 9 years ago. Updated almost 5 years ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2, SELinux
Sprint:
Quarter:

Description

The pulp-selinux policy should no longer be lock-step versioned with platform. By doing this pulp-selinux would only be upgraded if it is actually needed. Currently, even if the policy is the same between two versions of pulp, the pulp-selinux package is uninstalled and installed. This takes time even with the recent improvements in restorecon statements run at upgrade time.

This versioning should be independent at the rpm level so that when it is included as a dependency of pulp-server yum will recognize that the package is already installed if the version has not changed during a pulp-server upgrade. This likely will include moving the selinux things to its own spec file. Also inside the rpm, there are two SELinux policies named: pulp-server and pulp-celery. These also carry version information, and should match the version of the rpm that contains them. Today that is the case, but they all are set by the

There are still some open questions:
(1) Is moving the pulp-selinux definition to its own spec file the right thing to do or could we manage independent versions out of one spec file.
(2) Should the selinux code be moved into its own repo and treated like an independently versioned plugin? The builder could pull in the right version.
(3) How should users report SELinux issues? What version would they set? The pulp version where they experience the issue or the SELinux version directly?

We should be sure that whatever we do, we don't make it harder to resolve #97.


Related issues

Related to Pulp - Story #97: As a contributor, I rest easy knowing SELinux is Enforcing in the Pulp3 Vagrant environmentNEW

Actions
Actions #1

Updated by bmbouter almost 9 years ago

  • Related to Story #97: As a contributor, I rest easy knowing SELinux is Enforcing in the Pulp3 Vagrant environment added
Actions #2

Updated by bmbouter almost 9 years ago

  • Tags deleted (Security)
Actions #3

Updated by bmbouter almost 8 years ago

  • Parent issue set to #1826
Actions #4

Updated by bmbouter almost 8 years ago

  • Related to deleted (Story #97: As a contributor, I rest easy knowing SELinux is Enforcing in the Pulp3 Vagrant environment)
Actions #5

Updated by bmbouter almost 8 years ago

  • Related to Story #97: As a contributor, I rest easy knowing SELinux is Enforcing in the Pulp3 Vagrant environment added
Actions #6

Updated by bmbouter almost 8 years ago

  • Tags SELinux added
Actions #7

Updated by bmbouter almost 8 years ago

  • Parent issue deleted (#1826)
Actions #8

Updated by bmbouter almost 5 years ago

  • Status changed from NEW to CLOSED - WONTFIX
Actions #9

Updated by bmbouter almost 5 years ago

Pulp 2 is approaching maintenance mode, and this Pulp 2 ticket is not being actively worked on. As such, it is being closed as WONTFIX. Pulp 2 is still accepting contributions though, so if you want to contribute a fix for this ticket, please reopen or comment on it. If you don't have permissions to reopen this ticket, or you want to discuss an issue, please reach out via the developer mailing list.

Actions #10

Updated by bmbouter almost 5 years ago

  • Tags Pulp 2 added

Also available in: Atom PDF