selinux permissive on Fedora
The f20 gate job is failing on hpcloud images
(official F20 cloud image), with enforcing selinux.
Setting selinux to permissive on all Fedoras.
Currently selinux policies are violated, when
- horizon/httpd tries to access a files without
httpd_t friendly security label.
- horizon/httpd_t tries to connect to openstack
service port, without an allowing policy.
- swift tryes rsync content without an authorized
security label and without rsync_full_access sebool.
- ..
In permissive mode you will be able to track,
the missing policies and labels by checking
the /var/log/auidit/audit.log*
The enforcing mode might be turned on in the future,
when all label and policy configured correctly.
Change-Id: I6dad705dd11b9eb5f01ce67814f05d294b3979a5
Attila Fazekas authored on 2014/06/12 18:41:54Showing 1 changed files
| ... | ... |
@@ -87,16 +87,18 @@ if [[ ${DISTRO} =~ (precise) ]]; then
|
| 87 | 87 |
fi |
| 88 | 88 |
|
| 89 | 89 |
|
| 90 |
-# RHEL6 |
|
| 91 |
-# ----- |
|
| 92 |
- |
|
| 93 |
-if [[ $DISTRO =~ (rhel6) ]]; then |
|
| 94 |
- |
|
| 90 |
+if is_fedora; then |
|
| 95 | 91 |
# Disable selinux to avoid configuring to allow Apache access |
| 96 | 92 |
# to Horizon files (LP#1175444) |
| 97 | 93 |
if selinuxenabled; then |
| 98 | 94 |
sudo setenforce 0 |
| 99 | 95 |
fi |
| 96 |
+fi |
|
| 97 |
+ |
|
| 98 |
+# RHEL6 |
|
| 99 |
+# ----- |
|
| 100 |
+ |
|
| 101 |
+if [[ $DISTRO =~ (rhel6) ]]; then |
|
| 100 | 102 |
|
| 101 | 103 |
# If the ``dbus`` package was installed by DevStack dependencies the |
| 102 | 104 |
# uuid may not be generated because the service was never started (PR#598200), |