Skip to content

Commit d7967a4

Browse files
committed
selinux permissive on Fedora
The f20 gate job is failing on hpcloud images (official F20 cloud image), with enforcing selinux. Setting selinux to permissive on all Fedoras. Currently selinux policies are violated, when - horizon/httpd tries to access a files without httpd_t friendly security label. - horizon/httpd_t tries to connect to openstack service port, without an allowing policy. - swift tryes rsync content without an authorized security label and without rsync_full_access sebool. - .. In permissive mode you will be able to track, the missing policies and labels by checking the /var/log/auidit/audit.log* The enforcing mode might be turned on in the future, when all label and policy configured correctly. Change-Id: I6dad705dd11b9eb5f01ce67814f05d294b3979a5
1 parent f46ac27 commit d7967a4

1 file changed

Lines changed: 7 additions & 5 deletions

File tree

tools/fixup_stuff.sh

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -87,16 +87,18 @@ if [[ ${DISTRO} =~ (precise) ]]; then
8787
fi
8888

8989

90-
# RHEL6
91-
# -----
92-
93-
if [[ $DISTRO =~ (rhel6) ]]; then
94-
90+
if is_fedora; then
9591
# Disable selinux to avoid configuring to allow Apache access
9692
# to Horizon files (LP#1175444)
9793
if selinuxenabled; then
9894
sudo setenforce 0
9995
fi
96+
fi
97+
98+
# RHEL6
99+
# -----
100+
101+
if [[ $DISTRO =~ (rhel6) ]]; then
100102

101103
# If the ``dbus`` package was installed by DevStack dependencies the
102104
# uuid may not be generated because the service was never started (PR#598200),

0 commit comments

Comments
 (0)