Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revert "Label /etc/cockpit/ws-certs.d with cert_t" #1014

Merged
merged 1 commit into from
Jan 19, 2022
Merged

Revert "Label /etc/cockpit/ws-certs.d with cert_t" #1014

merged 1 commit into from
Jan 19, 2022

Conversation

zpytela
Copy link
Contributor

@zpytela zpytela commented Jan 19, 2022

This reverts commit 0ac09c6.

Unfortunately duplicate file context entries cannot co-exist
even in modules installed with a different priority.

@zpytela
Revert "Label /etc/cockpit/ws-certs.d with cert_t"
d7e2939 
This reverts commit 0ac09c6.

A duplicate file context entry was added to miscfiles mistakenly
which clashes with a rule in the cockpit custom policy module
although it has the same content literally.
@zpytela zpytela merged commit a3b543d into fedora-selinux:rawhide Jan 19, 2022
@martinpitt
Copy link
Contributor

@zpytela : Is there still something which either you or me need to do about the original issue? #856 has been stuck for a while, but is there anything wrt. ws-certs.d labels which is still broken right now?

Thank you!

@zpytela
Copy link
Contributor Author

zpytela commented Jan 19, 2022

@zpytela : Is there still something which either you or me need to do about the original issue? #856 has been stuck for a while, but is there anything wrt. ws-certs.d labels which is still broken right now?

Thank you!

No, a new policy build is in CI pipeline and should be ready in a few hours.

@zpytela zpytela deleted the cockpit-revert branch January 19, 2022 15:33
@martinpitt
Copy link
Contributor

I didn't mean that revert -- that's obviously the right thing to do for unbreaking the world. I meant for the original commit 0ac09c6 -- I suppose that was done for a reason, to fix https://bugzilla.redhat.com/show_bug.cgi?id=1907473 . My question is, is that actually still necessary? We ship our custom cockpit policy in RHEL 8 now, so I would have thought selinux-policy wouldn't have to care about this any more?

@zpytela
Copy link
Contributor Author

zpytela commented Jan 19, 2022

I didn't mean that revert -- that's obviously the right thing to do for unbreaking the world. I meant for the original commit 0ac09c6 -- I suppose that was done for a reason, to fix https://bugzilla.redhat.com/show_bug.cgi?id=1907473 . My question is, is that actually still necessary? We ship our custom cockpit policy in RHEL 8 now, so I would have thought selinux-policy wouldn't have to care about this any more?

Absolutely, it was one of today's findings that cockpit's policy it is not in cockpit-selinux which had made me believe cockpit does not ship its own policy in RHEL 8.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@zpytela @martinpitt