Bug 894084 – PRD35 - [RFE] report SELinux policy and show it in UI + warn when not enabled

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 894084 - PRD35 - [RFE] report SELinux policy and show it in UI + warn when not enabled

Summary:	PRD35 - [RFE] report SELinux policy and show it in UI + warn when not enabled

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	RFEs (Show other bugs)
Sub Component:
Version:	3.2.0
Hardware:	x86_64 Linux

Priority	unspecified Severity high
Target Milestone:	---
Target Release:	3.5.0
Assigned To:	Dima Kuznetsov
QA Contact:	Petr Matyáš
Docs Contact:

URL:
Whiteboard:	infra
Keywords:	FutureFeature

Duplicates:	894087 (view as bug list)
Depends On:
Blocks:	1086374 rhev3.5beta 1156165
	Show dependency tree / graph

Reported:	2013-01-10 11:32 EST by Haim
Modified:	2016-02-10 14:06 EST (History)
CC List:	13 users (show)

See Also:	858940
Fixed In Version:
Doc Type:	Enhancement
Doc Text:	With this enhancement, a warning message is displayed in the user interface if SELinux is disabled to remind users of the SELinux status.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2015-02-11 12:51:25 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
migrations table (1.94 MB, image/jpeg) 2014-04-28 03:56 EDT, Elad	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
oVirt gerrit	26951	None	None	None	Never
oVirt gerrit	26955	master	MERGED	core: Add selinux host info to VdsDynamic	Never
oVirt gerrit	26962	master	MERGED	webadmin: Add selinux state to host general subtab	Never
oVirt gerrit	27255	master	MERGED	webadmin: Move CPU info to HW info tab	Never
Red Hat Product Errata	RHSA-2015:0158	normal	SHIPPED_LIVE	Important: Red Hat Enterprise Virtualization Manager 3.5.0	2015-02-11 17:38:50 EST

Groups: None (edit)

Description Haim 2013-01-10 11:32:36 EST

Description of problem:


there are proven migration issues when one of the hosts is running selinux and the other is not.
we should take a call about this issues.
first, lets start by engine reporting selinux status in general sub-tab (UI fix needed).

Comment 2 Itamar Heim 2013-11-29 02:59:18 EST

*** Bug 894087 has been marked as a duplicate of this bug. ***

Comment 7 Itamar Heim 2014-03-25 06:25:54 EDT

the easy part is to enforce selinux policy by engine.
the tricky part is if cluster policy is not to have selinux, but its enabled on a host, which will still cause the issue.

Comment 12 Elad 2014-04-28 03:56:03 EDT

Created attachment 890366 [details]
migrations table

Did migrations tests between VDSM from different compatibility versions installed on both RHEL6.5, RHEV-H6.5 and RHEV-H6.4. 
No issues were found, all migrations succeeded.
See table attached

Comment 13 Arthur Berezin 2014-04-29 12:31:42 EDT

Per discussion today(Barak, Oved, Eli) the scope of this BZ is to report hosts' SELinux status to engine and present it under hosts general tab. BZ#1086374 scopes requirements of enforcing hosts' SELinux by engine.

Comment 14 Barak 2014-04-29 13:16:46 EDT

(In reply to Arthur Berezin from comment #13)
> Per discussion today(Barak, Oved, Eli) the scope of this BZ is to report
> hosts' SELinux status to engine and present it under hosts general tab.
> BZ#1086374 scopes requirements of enforcing hosts' SELinux by engine.

And add a warning to the event log when a SELinux is not enforcing.

Comment 15 Dima Kuznetsov 2014-04-30 03:01:58 EDT

There is a problem in adding SELinux mode to Host->General sub-tab, the grid is currently full, and adding another label pushes it off the screen.

I propose we move some labels around, the following labels can be moved to Host->Hardware Information sub-tab: CPU Model, CPU Type, CPU Sockets, CPU Cores per Socket, CPU Threads per Core, and instead, add just one label of Logical Cores that would display (sockets) * (cores per socket) * (threads per core).

Comment 16 Arthur Berezin 2014-04-30 06:18:57 EDT

(In reply to Dima Kuznetsov from comment #15)
> There is a problem in adding SELinux mode to Host->General sub-tab, the grid
> is currently full, and adding another label pushes it off the screen.
> 
> I propose we move some labels around, the following labels can be moved to
> Host->Hardware Information sub-tab: CPU Model, CPU Type, CPU Sockets, CPU
> Cores per Socket, CPU Threads per Core, and instead, add just one label of
> Logical Cores that would display (sockets) * (cores per socket) * (threads
> per core).

Ack, good idea.

Comment 18 errata-xmlrpc 2015-02-11 12:51:25 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0158.html

Note You need to log in before you can comment on or make changes to this bug.