Bug 894084 - PRD35 - [RFE] report SELinux policy and show it in UI + warn when not enabled
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: RFEs
Version: 3.2.0
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
: 3.5.0
Assignee: Dima Kuznetsov
QA Contact: Petr Matyáš
URL:
Whiteboard: infra
: 894087
Depends On:
Blocks: 1086374 rhev3.5beta 1156165
Reported: 2013-01-10 16:32 UTC by Haim
Modified: 2016-02-10 19:06 UTC

Fixed In Version:
Doc Type: Enhancement
Doc Text:
With this enhancement, a warning message is displayed in the user interface if SELinux is disabled to remind users of the SELinux status.
Clone Of:
Environment:
Last Closed: 2015-02-11 17:51:25 UTC
oVirt Team: Infra
Target Upstream Version:
Embargoed:


Attachments
migrations table (1.94 MB, image/jpeg)
2014-04-28 07:56 UTC, Elad


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 858940 1 None None None 2021-01-20 06:05:38 UTC
Red Hat Product Errata RHSA-2015:0158 0 normal SHIPPED_LIVE Important: Red Hat Enterprise Virtualization Manager 3.5.0 2015-02-11 22:38:50 UTC
oVirt gerrit 26951 0 None None None Never
oVirt gerrit 26955 0 master MERGED core: Add selinux host info to VdsDynamic Never
oVirt gerrit 26962 0 master MERGED webadmin: Add selinux state to host general subtab Never
oVirt gerrit 27255 0 master MERGED webadmin: Move CPU info to HW info tab Never

Internal Links: 858940

Description Haim 2013-01-10 16:32:36 UTC
Description of problem:


There are proven migration issues when one of the hosts is running SELinux and the other is not.
We should take a call about these issues.
First, let's start by engine reporting SELinux status in general sub-tab (UI fix needed).

Comment 2 Itamar Heim 2013-11-29 07:59:18 UTC
*** Bug 894087 has been marked as a duplicate of this bug. ***

Comment 7 Itamar Heim 2014-03-25 10:25:54 UTC
The easy part is to enforce SELinux policy by engine.
The tricky part is if cluster policy is not to have SELinux, but it's enabled on a host, which will still cause the issue.

Comment 12 Elad 2014-04-28 07:56:03 UTC
Created attachment 890366
migrations table

Did migration tests between VDSM from different compatibility versions installed on both RHEL6.5, RHEV-H6.5 and RHEV-H6.4.
No issues were found, all migrations succeeded.
See table attached.

Comment 13 Arthur Berezin 2014-04-29 16:31:42 UTC
Per discussion today (Barak, Oved, Eli) the scope of this BZ is to report hosts' SELinux status to engine and present it under hosts general tab. BZ#1086374 scopes requirements of enforcing hosts' SELinux by engine.

Comment 14 Barak 2014-04-29 17:16:46 UTC
(In reply to Arthur Berezin from comment #13)
> Per discussion today (Barak, Oved, Eli) the scope of this BZ is to report
> hosts' SELinux status to engine and present it under hosts general tab.
> BZ#1086374 scopes requirements of enforcing hosts' SELinux by engine.

And add a warning to the event log when SELinux is not enforcing.

Comment 15 Dima Kuznetsov 2014-04-30 07:01:58 UTC
There is a problem in adding SELinux mode to Host->General sub-tab, the grid is currently full, and adding another label pushes it off the screen.

I propose we move some labels around, the following labels can be moved to Host->Hardware Information sub-tab: CPU Model, CPU Type, CPU Sockets, CPU Cores per Socket, CPU Threads per Core, and instead, add just one label of Logical Cores that would display (sockets) * (cores per socket) * (threads per core).

Comment 16 Arthur Berezin 2014-04-30 10:18:57 UTC
(In reply to Dima Kuznetsov from comment #15)
> There is a problem in adding SELinux mode to Host->General sub-tab, the grid
> is currently full, and adding another label pushes it off the screen.
> 
> I propose we move some labels around, the following labels can be moved to
> Host->Hardware Information sub-tab: CPU Model, CPU Type, CPU Sockets, CPU
> Cores per Socket, CPU Threads per Core, and instead, add just one label of
> Logical Cores that would display (sockets) * (cores per socket) * (threads
> per core).

Ack, good idea.

Comment 18 errata-xmlrpc 2015-02-11 17:51:25 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0158.html

