Bug 1074384

Summary: Beaker does not work with SELinux in enforcing mode
Product: [Retired] Beaker Reporter: Dan Callaghan <dcallagh>
Component: generalAssignee: beaker-dev-list
Status: CLOSED WONTFIX QA Contact: tools-bugs <tools-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 0.15CC: tools-bugs
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-21 14:12:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dan Callaghan 2014-03-10 04:26:48 UTC 
In our docs we currently advise disabling SELinux on Beaker installations because it is known not to work in enforcing mode. Nobody ever wrote an SELinux policy module for Beaker.
Comment 1 Dan Callaghan 2014-03-10 04:28:52 UTC 
The first step would be to run the test suite in Permissive mode and collect the AVC denials. We can craft a policy module based on those (audit2allow could help with that). The goal would be to enable Enforcing mode in the dogfood tests.

Then at some point in the future we may have enough confidence in the policy to update our docs not to recommend disabling SELinux.
Comment 3 Dan Callaghan 2015-05-06 03:24:22 UTC 
(In reply to Dan Callaghan from comment #1)
> The first step would be to run the test suite in Permissive mode

I learnt at Devconf this year that that is actually not a good approach :-)

https://www.youtube.com/watch?v=zQcYXJkwTns