Fixes #9126 - moved Katello policy to a separate repo

theforeman · Jan 27, 2015 · a2471c0 · a2471c0
1 parent e2863e4
commit a2471c0
Show file tree

Hide file tree

Showing 4 changed files with 0 additions and 42 deletions.
diff --git a/foreman-selinux-disable b/foreman-selinux-disable
@@ -7,11 +7,6 @@ set +e
 for selinuxvariant in targeted
 do
   if /usr/sbin/semodule -s $selinuxvariant -l >/dev/null; then
-    # Remove all user defined ports (including the default one)
-    /usr/sbin/semanage port -E | \
-      grep elasticsearch_port_t | \
-      sed s/-a/-d/g | \
-      /usr/sbin/semanage -S $selinuxvariant -i -
     # Unload policy
     /usr/sbin/semodule -s $selinuxvariant -r foreman
   fi

diff --git a/foreman-selinux-enable b/foreman-selinux-enable
@@ -19,9 +19,6 @@ do
 
     echo "boolean -m --on httpd_setrlimit" > $TMP
 
-    /usr/sbin/semanage port -E | grep -q elasticsearch_port_t || \
-      echo "port -a -t elasticsearch_port_t -p tcp 9200-9300" >> $TMP
-
     /usr/sbin/semanage -S $selinuxvariant -i $TMP
   fi
 done
diff --git a/foreman.fc b/foreman.fc
@@ -51,7 +51,3 @@
 
 /usr/share/gems/gems/foreman-tasks-.*/bin/foreman-tasks -- gen_context(system_u:object_r:foreman_tasks_exec_t,s0)
 /opt/rh/ruby193/root/usr/share/gems/gems/foreman-tasks-.*/bin/foreman-tasks -- gen_context(system_u:object_r:foreman_tasks_exec_t,s0)
-
-# Katello plugin
-
-/usr/share/katello/script/katello-jobs -- gen_context(system_u:object_r:foreman_tasks_exec_t,s0)
diff --git a/foreman.te b/foreman.te
@@ -363,36 +363,6 @@ abrt_stream_connect(websockify_t)
 files_search_var_lib(websockify_t)
 read_files_pattern(websockify_t, puppet_var_lib_t, puppet_var_lib_t)
 
-######################################
-#
-# Elasticsearch
-#
-
-# We carry elasticsearch policy until it is delivered to RHEL6:
-# https://bugzilla.redhat.com/show_bug.cgi?id=1102119
-type elasticsearch_port_t;
-corenet_port(elasticsearch_port_t)
-
-######################################
-#
-# Foreman Katello plugin
-#
-
-# System status (ping) controller checks for service status using sysvinit scripts
-# This is temporary solution until https://bugzilla.redhat.com/show_bug.cgi?id=1105085
-# is fixed.
-init_exec_script_files(passenger_t)
-
-ifndef(`distro_rhel7', `
-    consoletype_exec(passenger_t)
-')
-
-# Katello does connect to Elasticsearch services
-allow passenger_t elasticsearch_port_t:tcp_socket name_connect;
-
-# Katello uses certs in /etc/pki/katello for websockets
-miscfiles_read_certs(websockify_t)
-
 ######################################
 #
 # Foreman Bootdisk plugin