# The form data below was edited by tom_tyler
# Perforce Workshop Jobs
#
# Job: The job name. 'new' generates a sequenced job number.
#
# Status: Job status; required field. There is no enforced or
# promoted workflow for transition of jobs from one
# status to another, just a set of job status values
# for users to apply as they see fit. Possible values:
#
# open - Issue is available to be worked on.
#
# inprogress - Active development is in progress.
#
# blocked - Issue cannot be implemented for some reason.
#
# fixed - Fixed, optional status to use before closed.
#
# closed - Issue has been dealt with definitively.
#
# punted - Decision made not to address the issue,
# possibly not ever.
#
# suspended - Decision made not to address the issue
# in the immediate future, but noting that it may
# have some merit and may be revisited later.
#
# duplicate - Duplicate of another issue that.
#
# obsolete - The need behind the request has become
# overcome by events.
#
# Project: The project this job is for. Required.
#
# Severity: [A/B/C] (A is highest) Required.
#
# ReportedBy The user who created the job. Can be changed.
#
# ReportedDate: The date the job was created. Automatic.
#
# ModifiedBy: The user who last modified this job. Automatic.
#
# ModifiedDate: The date this job was last modified. Automatic.
#
# OwnedBy: The owner, responsible for doing the job. Optional.
#
# Description: Description of the job. Required.
#
# DevNotes: Developer's comments. Optional. Can be used to
# explain a status, e.g. for blocked, punted,
# obsolete or duplicate jobs. May also provide
# additional information such as the earliest release
# in which a bug is known to exist.
#
# Component: Projects may use this optional field to indicate
# which component of the project a givenjob is associated
# with.
#
# For the SDP, the list of components is defined in:
# //guest/perforce_software/sdp/tools/components.txt
#
# Type: Type of job [Bug/Feature/Problem]. Required.
# Feature and Bug are common terms.
# A Problem is suspected bug, or one without a clear
# understanding of exactly what is broken.
#
# Release: Release in which job is intended to be fixed.
Job: SDP-562
Status: closed
Project: perforce-software-sdp
Severity: C
ReportedBy: tom_tyler
ReportedDate: 2020/10/27 06:26:23
ModifiedBy: tom_tyler
ModifiedDate: 2022/01/14 08:46:00
OwnedBy: tom_tyler
Description:
Support SELinux in enforcing mode on RHEL 8/CentOS 8/Rocky Linux 8.
Add support for SELinux ("Security Enhanced Linux)") in enforcing mode
on RHEL 8, CentOS 8, and Rocky Linux 8.
With implementation of SDP-350, SDP added support for SELinux in
enforcing mode. This works with RHEL/CentOS 6 and 7, as well as
Ubuntu 18.04 and 20.04. However, changes in SELinux in RHEL, and
thus CentOS 8 and Rocky Linux 8, cause the systemd unit files packaged
with the SDP to be unable to start the p4d process if SELinux is
enabled in enforcing mode.
=== Sample Failure ===
As [email protected]:
$ sudo systemctl start p4d_1
Job for p4d_1.service failed because the control process exited with error code.
See "systemctl status p4d_1.service" and "journalctl -xe" for details.
$ journalctl -xe
<excerpt of output>
-- Unit p4d_1.service has begun starting up.
Oct 08 12:47:31 helix-centos8.p4demo.com systemd[18518]: p4d_1.service: Failed to execute command: Permission denied
Oct 08 12:47:31 helix-centos8.p4demo.com systemd[18518]: p4d_1.service: Failed at step EXEC spawning /p4/1/bin/p4d_1_init: Permission>
-- Subject: Process /p4/1/bin/p4d_1_init could not be executed
This seems to be due to new SELinux behavior in CentOS 8, as the
SDP systemd 'unit' files are known to work with SELinux in enforcing on
other OS versions. A review of RHEL release notes indicates significant
changes were made to SELinux for RHEL 8. A bit of Googling indicates
SELinux changes on RHEL/CentOS 8 can break systemd unit files if SELinux
is enabled in enforcing mode.
Links:
* https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/8.0_release_notes/index
* https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/using_selinux/index
Component: init
Type: Feature