1290117 – Guest instance should work with SELinux in enforcing mode

Bug 1290117 - Guest instance should work with SELinux in enforcing mode

Summary: Guest instance should work with SELinux in enforcing mode

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-trove
Sub Component:
Version:	8.0 (Liberty)
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	9.0 (Mitaka)
Assignee:	Victoria Martinez de la Cruz
QA Contact:	Luigi Toscano
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-12-09 16:53 UTC by Luigi Toscano
Modified:	2016-06-29 18:30 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-06-29 18:30:07 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Luigi Toscano 2015-12-09 16:53:00 UTC

Description of problem:
Currently, SELinux is set to permissive in guest instances. It should be possible to set it to Enforcing (with some rules).

Comment 1 Luigi Toscano 2015-12-10 11:59:17 UTC

Context: api-config.ini is used for the first time in Sahara post-Liberty, see
https://review.openstack.org/#/c/231989/
https://bugs.launchpad.net/sahara/+bug/1503983

Comment 2 Ryan Hallisey 2016-06-29 18:27:56 UTC

Can you report any AVCs you get from running in permissive mode? We can see about those landing in openstack-selinux.

Note You need to log in before you can comment on or make changes to this bug.