Skip to content
Snippets Groups Projects

Resolve "Investigate including policycoreutils as a runtime dependency in order to be able to use semanage"

Merged Resolve "Investigate including policycoreutils as a runtime dependency in order to be able to use semanage"
gitlab-contrib/omnibus-gitlab:1485-include-policycoreutils-semanage into master
All threads resolved!
Merged username-removed-1506167 requested to merge gitlab-contrib/omnibus-gitlab:1485-include-policycoreutils-semanage into master
All threads resolved!

Closes #1485 (closed).

This change replaces chcon with semanage in the gitlab-shell recipe, which makes the fcontext change permanent and brings the setup more in line with current SELinux best practices. As a result, the security context shouldn't get messed up anymore.

The documentation and test descriptions have been updated to reflect the change.

This change requires policycoreutils-python as a runtime dependency. The sort of counterintuitively-named restorecon -R -v is necessary to apply the new ssh_home_t context.

The dependencies required are in the base repos for all supported RHEL flavors.

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • DJ Mountney assigned to @baroncharlus

    assigned to @baroncharlus

  • username-removed-1506167 added 1 commit

    added 1 commit

    • f6976d4f - applying selinux changes specifically to authorized_keys as well.

    Compare with previous version

  • username-removed-1506167 resolved all discussions

    resolved all discussions

  • DJ Mountney approved this merge request

    approved this merge request

  • DJ Mountney changed milestone to %10.0

    changed milestone to %10.0

  • DJ Mountney added Pick into Stable label

    added Pick into Stable label

  • DJ Mountney added Community Contribution SELinux labels

    added Community Contribution SELinux labels

  • DJ Mountney mentioned in commit 45abda5f

    mentioned in commit 45abda5f

  • DJ Mountney merged

    merged

  • DJ Mountney
    DJ Mountney @twk3 ·
    Contributor

    Thanks for the contribution @baroncharlus . I've finished reviewing it today, and have merged it for our upcoming 10.0 release of GitLab.

  • DJ Mountney mentioned in issue #1106

    mentioned in issue #1106

  • username-removed-1506167
    username-removed-1506167 @baroncharlus ·
    Author Contributor

    Awesome!:tada: Thanks @twk3!

  • Jarka Kadlecova
    Jarka Kadlecova @jarka ·
    Maintainer

    Picked into 10-0-stable and 10-0-stable-ee, will go into 10.0 RC4.

  • Jarka Kadlecova removed Pick into Stable label

    removed Pick into Stable label

  • DJ Mountney mentioned in commit 0f8825e9

    mentioned in commit 0f8825e9

  • DJ Mountney mentioned in commit aafc910e

    mentioned in commit aafc910e

  • username-removed-5332
    username-removed-5332 @bbodenmiller ·
    Contributor

    It doesn't look like policycoreutils-python is installed on RHEL6 by default and should be added to installation instructions at https://about.gitlab.com/installation/

  • username-removed-1506167 mentioned in issue gitlab-com/www-gitlab-com#1671 (closed)

    mentioned in issue gitlab-com/www-gitlab-com#1671 (closed)

    • Please register or sign in to reply