Bug 894084
| Summary: | PRD35 - [RFE] report SELinux policy and show it in UI + warn when not enabled | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Haim <hateya> | ||||
| Component: | RFEs | Assignee: | Dima Kuznetsov <dkuznets> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Petr Matyáš <pmatyas> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 3.2.0 | CC: | aberezin, bazulay, bsettle, ebenahar, iheim, juwu, lpeer, oourfali, pstehlik, rbalakri, Rhev-m-bugs, talayan, yeylon | ||||
| Target Milestone: | --- | Keywords: | FutureFeature | ||||
| Target Release: | 3.5.0 | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | infra | ||||||
| Fixed In Version: | Doc Type: | Enhancement | |||||
| Doc Text: |
With this enhancement, a warning message is displayed in the user interface if SELinux is disabled to remind users of the SELinux status.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2015-02-11 17:51:25 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1086374, 1142923, 1156165 | ||||||
| Attachments: |
|
||||||
|
Description
Haim
2013-01-10 16:32:36 UTC
*** Bug 894087 has been marked as a duplicate of this bug. *** the easy part is to enforce selinux policy by engine. the tricky part is if cluster policy is not to have selinux, but its enabled on a host, which will still cause the issue. Created attachment 890366 [details]
migrations table
Did migrations tests between VDSM from different compatibility versions installed on both RHEL6.5, RHEV-H6.5 and RHEV-H6.4.
No issues were found, all migrations succeeded.
See table attached
Per discussion today(Barak, Oved, Eli) the scope of this BZ is to report hosts' SELinux status to engine and present it under hosts general tab. BZ#1086374 scopes requirements of enforcing hosts' SELinux by engine. (In reply to Arthur Berezin from comment #13) > Per discussion today(Barak, Oved, Eli) the scope of this BZ is to report > hosts' SELinux status to engine and present it under hosts general tab. > BZ#1086374 scopes requirements of enforcing hosts' SELinux by engine. And add a warning to the event log when a SELinux is not enforcing. There is a problem in adding SELinux mode to Host->General sub-tab, the grid is currently full, and adding another label pushes it off the screen. I propose we move some labels around, the following labels can be moved to Host->Hardware Information sub-tab: CPU Model, CPU Type, CPU Sockets, CPU Cores per Socket, CPU Threads per Core, and instead, add just one label of Logical Cores that would display (sockets) * (cores per socket) * (threads per core). (In reply to Dima Kuznetsov from comment #15) > There is a problem in adding SELinux mode to Host->General sub-tab, the grid > is currently full, and adding another label pushes it off the screen. > > I propose we move some labels around, the following labels can be moved to > Host->Hardware Information sub-tab: CPU Model, CPU Type, CPU Sockets, CPU > Cores per Socket, CPU Threads per Core, and instead, add just one label of > Logical Cores that would display (sockets) * (cores per socket) * (threads > per core). Ack, good idea. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0158.html |