Skip to content

Follow up for FR SSH SELinux context fixes #2817

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 3, 2024
Merged

Follow up for FR SSH SELinux context fixes #2817

merged 1 commit into from
Jan 3, 2024

Conversation

@vpodzime
Copy link
Contributor

@vpodzime vpodzime commented Jan 2, 2024

Needs #2816 to be merged first. Adds one more commit that makes bigger changes in the policy, probably too disruptive for backporting.

@vpodzime vpodzime requested a review from craigcomstock January 2, 2024 16:29
@vpodzime vpodzime mentioned this pull request Jan 2, 2024
Merged
craigcomstock
craigcomstock approved these changes Jan 2, 2024
View reviewed changes
Copy link
Contributor

@craigcomstock craigcomstock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see why we couldn't back port these changes. A nice refactoring. 👍

@vpodzime
Refactor and improve policy fixing up SELinux context on FR SSH files
ff392a9 
We need to make sure both `semanage fcontext -a` and `restorecon`
are done before we run `ssh-keygen`. Otherwise `ssh-keygen` may
be blocked by SELinux when trying to save/write the generated
key at first and only succeeds in a later agent run.

Ticket: ENT-11136
Changelog: Federated reporting policy fixes SELinux context of
           the ~cftransport/.ssh directory and its contents in a
           single agent run.
@vpodzime vpodzime force-pushed the master-FR_selinux_fixes_fwup branch from 938f549 to ff392a9 Compare January 3, 2024 07:50
@vpodzime vpodzime merged commit f4ab890 into cfengine:master Jan 3, 2024
@vpodzime vpodzime added the cherry-pick? Fixes which may need to be cherry-picked to LTS branches label Jan 3, 2024
@craigcomstock craigcomstock removed the cherry-pick? Fixes which may need to be cherry-picked to LTS branches label Jan 10, 2024
@craigcomstock
Copy link
Contributor

craigcomstock commented Jan 10, 2024

I removed the cherry-pick label because we decided these changes were too disruptive.

@vpodzime vpodzime added the cherry-pick? Fixes which may need to be cherry-picked to LTS branches label Jan 19, 2024
@vpodzime
Copy link
Contributor Author

vpodzime commented Jan 19, 2024

Added the label back, I think we might want to reconsider this for the next round of releases.

@nickanderson nickanderson mentioned this pull request May 24, 2024
Merged
@olehermanse
Copy link
Member

olehermanse commented May 29, 2024

Cherry-pick: #2890

@olehermanse olehermanse removed the cherry-pick? Fixes which may need to be cherry-picked to LTS branches label May 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@craigcomstock craigcomstock craigcomstock approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vpodzime @craigcomstock @olehermanse