selinux permissive on Fedora
The f20 gate job is failing on hpcloud images (official F20 cloud image), with enforcing selinux. Setting selinux to permissive on all Fedoras. Currently selinux policies are violated, when - horizon/httpd tries to access a files without httpd_t friendly security label. - horizon/httpd_t tries to connect to openstack service port, without an allowing policy. - swift tryes rsync content without an authorized security label and without rsync_full_access sebool. - .. In permissive mode you will be able to track, the missing policies and labels by checking the /var/log/auidit/audit.log* The enforcing mode might be turned on in the future, when all label and policy configured correctly. Change-Id: I6dad705dd11b9eb5f01ce67814f05d294b3979a5
This commit is contained in:
Attila Fazekas
parent
f46ac27999
commit
d7967a4879
@ -87,16 +87,18 @@ if [[ ${DISTRO} =~ (precise) ]]; then
|
||||
fi
|
||||
|
||||
|
||||
# RHEL6
|
||||
# -----
|
||||
|
||||
if [[ $DISTRO =~ (rhel6) ]]; then
|
||||
|
||||
if is_fedora; then
|
||||
# Disable selinux to avoid configuring to allow Apache access
|
||||
# to Horizon files (LP#1175444)
|
||||
if selinuxenabled; then
|
||||
sudo setenforce 0
|
||||
fi
|
||||
fi
|
||||
|
||||
# RHEL6
|
||||
# -----
|
||||
|
||||
if [[ $DISTRO =~ (rhel6) ]]; then
|
||||
|
||||
# If the ``dbus`` package was installed by DevStack dependencies the
|
||||
# uuid may not be generated because the service was never started (PR#598200),
|
||||
|
||||
Loading…
Reference in New Issue
Block a user