Project

Profile

Help

Actions
Send by e-mail Copy link

Story #9007

closed

Story #97: As a contributor, I rest easy knowing SELinux is Enforcing in the Pulp3 Vagrant environment

As a vagrant user, I get an error if SELinux failed

Added by mdepaulo@redhat.com almost 3 years ago. Updated almost 3 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
fao89
Category:
-
Sprint/Milestone:
3.14.2
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
CI/CD
Sprint:
Quarter:

Description

When pulp_installer runs as part of vagrant, (currently) we set SELinux to permissive. Errors are logged.

However, nothing happens if SELinux errors are present.

We should do something, like a failure error at the end (configurable whether this happens), and printing any SELinux errors due to Pulp.

Alternatively we could just make it enforcing and let pulp_installer failure on its actual tasks (and thus fail the provision), but that would be disruptive to users. However:

  1. We'd still want to print the SELinux errors anyway.
  2. Some SELinux errors will break the application at runtime, but not break the installer.

This would affect our vagrant (qemu) CI tests as well. Where FIPS is tested.

Actions
Send by e-mail Copy link

Also available in: Atom PDF