Bug 1397537 - OSPd packaging for OVS-DPDK policies with SELINUX
Summary: OSPd packaging for OVS-DPDK policies with SELINUX
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-selinux
Version: 10.0 (Newton)
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: rc
: 10.0 (Newton)
Assignee: Lukas Vrabec
QA Contact: Maxim Babushkin
URL:
Whiteboard:
: 1380114 (view as bug list)
Depends On:
Blocks: 1325680
TreeView+ depends on / blocked
 
Reported: 2016-11-22 18:27 UTC by Maxim Babushkin
Modified: 2016-12-14 16:34 UTC (History)
20 users (show)

Fixed In Version: openstack-selinux-0.7.13-1.el7ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-12-14 16:34:22 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2016:2948 0 normal SHIPPED_LIVE Red Hat OpenStack Platform 10 enhancement update 2016-12-14 19:55:27 UTC

Comment 11 Maxim Babushkin 2016-11-24 07:59:56 UTC 
Lukas,

Everything working as expected.
No additional selinux errors.

Thanks for the help.
Maxim.
Comment 16 Maxim Babushkin 2016-11-28 15:20:29 UTC 
The environment with the policy was tested with the following steps:

Overcloud has been deployed with two OVS DPDK and one OVS regular (public) network.
Each network resides on a separate vlan.
Private1 network (routable) was created for the first dpdk interface.
Private2 network (routable) was created for the second dpdk interface.
Public network was created as an external network for the regular ovs interface.

Test1 instance has been booted up with Private1 network attached.
Test2 instance has been booted up with Private2 network attached.

SSH access tested to the test1 instance.
SSH access tested between test1 and test2 instances.
Connectivity to outside (8.8.8.8) has been tested from both of the instances.

Floating ip has been added to the test1 instance and ssh connectivity tested to the instance.

audit.log has been verified for no avc denied errors.
Comment 17 Scott Lewis 2016-11-28 17:12:32 UTC 
(In reply to Maxim Babushkin from comment #16)
> The environment with the policy was tested with the following steps:
> 
> Overcloud has been deployed with two OVS DPDK and one OVS regular (public)
> network.
> Each network resides on a separate vlan.
> Private1 network (routable) was created for the first dpdk interface.
> Private2 network (routable) was created for the second dpdk interface.
> Public network was created as an external network for the regular ovs
> interface.
> 
> Test1 instance has been booted up with Private1 network attached.
> Test2 instance has been booted up with Private2 network attached.
> 
> SSH access tested to the test1 instance.
> SSH access tested between test1 and test2 instances.
> Connectivity to outside (8.8.8.8) has been tested from both of the instances.
> 
> Floating ip has been added to the test1 instance and ssh connectivity tested
> to the instance.
> 
> audit.log has been verified for no avc denied errors.

Has this been incorporated and tested within the latest puddle? I've noticed that you moved this directly from ASSIGNED -> VERIFIED without the intervening steps, which are used to add patches to puddles and advisories.
Comment 18 Maxim Babushkin 2016-11-28 17:51:10 UTC 
I have verified the solution once again today with the latest puddle.

Of course if needed, the status should be changed.
Comment 20 Jon Schlueter 2016-11-28 18:08:43 UTC 
To stay in post please update external trackers for patches/launch pad bug etc that should be tracked for this to transition to modify d with Fixed in version specified.  If all needed changes are in brew built packages. Pleas update fixed in version and move to modified.
Comment 23 Lukas Vrabec 2016-11-29 12:36:03 UTC 
Here is pull request:

https://github.com/lukehinds/openstack-selinux/pull/1
Comment 25 Alan Pevec 2016-11-29 13:01:13 UTC 
(In reply to Lukas Vrabec from comment #23)
> Here is pull request:
> 
> https://github.com/lukehinds/openstack-selinux/pull/1

As commented there, please move it to redhat-openstack/openstack-selinux
Comment 28 Maxim Babushkin 2016-11-30 12:43:04 UTC 
The bug has been verified with the latest puddle with openstack-selinux-0.7.13-1.el7ost package installed.
Comment 30 Maxim Babushkin 2016-12-06 08:57:18 UTC 
*** Bug 1380114 has been marked as a duplicate of this bug. ***
Comment 32 errata-xmlrpc 2016-12-14 16:34:22 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2948.html
Note You need to log in before you can comment on or make changes to this bug.