1349241 – The default setting of selinux should be enforcing.

Bug 1349241 - The default setting of selinux should be enforcing.

Summary: The default setting of selinux should be enforcing.

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	ovirt-node
Classification:	oVirt
Component:	Installation & Update
Sub Component:
Version:	4.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	ovirt-4.0.1
Target Release:	4.0
Assignee:	Ryan Barry
QA Contact:	Wei Wang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-06-23 03:35 UTC by Wei Wang
Modified:	2016-08-04 13:31 UTC (History)
CC List:	10 users (show)
Fixed In Version:	rhev-hypervisor7-ng-4.0-20160701.1
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-08-04 13:31:25 UTC
oVirt Team:	Node
Embargoed:
Dependent Products:
Flags:	rule-engine: ovirt-4.0.z+ mgoldboi: planning_ack+ fdeutsch: devel_ack+ ycui: testing_ack+

Attachments	(Terms of Use)
ks file (852 bytes, text/plain) 2016-06-23 03:35 UTC, Wei Wang	no flags	Details
log files (136.85 KB, application/x-gzip) 2016-06-23 03:37 UTC, Wei Wang	no flags	Details
ks for verify (838 bytes, text/plain) 2016-07-21 03:32 UTC, Wei Wang	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
oVirt gerrit	59890	0	master	MERGED	Put node into enforcing mode	2016-07-07 18:22:28 UTC

Description Wei Wang 2016-06-23 03:35:55 UTC

Created attachment 1171230 [details]
ks file

Description of problem:
The default setting of selinux should be enforcing

Version-Release number of selected component (if applicable):
rhev-hypervisor7-ng-4.0-20160622.1.x86_64
imgbased-0.7.0-0.1.el7ev.noarch


How reproducible:
100%

Steps to Reproduce:
1. Automatic install machine with kickstart file in attachment
2. After reboot, login with root account
3. Check the selinux config
    #cat /etc/selinux/config

Actual results:
The default setting of selinux is permissive

Expected results:
The default setting of selinux is enforcing.

Additional info:

Comment 1 Wei Wang 2016-06-23 03:37:26 UTC

Created attachment 1171231 [details]
log files

Comment 2 Wei Wang 2016-07-21 03:31:44 UTC

Test Version:
redhat-virtualization-host-4.0-20160714.0.x86_64
imgbased-0.7.2-0.1.el7ev.noarch

Test Steps:
1. Automatic install machine with kickstart file in attachment
2. After reboot, login with root account
3. Check the selinux config
    #cat /etc/selinux/config

Result:
[root@dell-op790-01 ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

The bug cannot be reproduced, so change the status to VERIFIED.

Comment 3 Wei Wang 2016-07-21 03:32:21 UTC

Created attachment 1182312 [details]
ks for verify

Note You need to log in before you can comment on or make changes to this bug.