Project

Profile

Help

Story #9007

closed

Story #97: As a contributor, I rest easy knowing SELinux is Enforcing in the Pulp3 Vagrant environment

As a vagrant user, I get an error if SELinux failed

Added by mdepaulo@redhat.com over 2 years ago. Updated over 2 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
CI/CD
Sprint:
Quarter:

Description

When pulp_installer runs as part of vagrant, (currently) we set SELinux to permissive. Errors are logged.

However, nothing happens if SELinux errors are present.

We should do something, like a failure error at the end (configurable whether this happens), and printing any SELinux errors due to Pulp.

Alternatively we could just make it enforcing and let pulp_installer failure on its actual tasks (and thus fail the provision), but that would be disruptive to users. However:

  1. We'd still want to print the SELinux errors anyway.
  2. Some SELinux errors will break the application at runtime, but not break the installer.

This would affect our vagrant (qemu) CI tests as well. Where FIPS is tested.

Actions #1

Updated by fao89 over 2 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to fao89
Actions #2

Updated by fao89 over 2 years ago

we can enforce it only on CI

Actions #3

Updated by pulpbot over 2 years ago

  • Status changed from ASSIGNED to POST

Added by Fabricio Aguiar over 2 years ago

Revision 19894269 | View on GitHub

Display SELinux errors

https://pulp.plan.io/issues/9007 closes #9007

Added by Fabricio Aguiar over 2 years ago

Revision 19894269 | View on GitHub

Display SELinux errors

https://pulp.plan.io/issues/9007 closes #9007

Actions #4

Updated by Anonymous over 2 years ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100
Actions #5

Updated by fao89 over 2 years ago

  • Sprint/Milestone set to 3.14.2
Actions #6

Updated by pulpbot over 2 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Also available in: Atom PDF