You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@cloudstack.apache.org by "David Nalley (JIRA)" <ji...@apache.org> on 2012/10/14 00:00:02 UTC

[jira] [Created] (CLOUDSTACK-337) Create SELinux policy for KVM agent

David Nalley created CLOUDSTACK-337:
---------------------------------------

             Summary: Create SELinux policy for KVM agent
                 Key: CLOUDSTACK-337
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-337
             Project: CloudStack
          Issue Type: New Feature
          Components: KVM
            Reporter: David Nalley
             Fix For: 4.1.0


We currently advise folks to disable SELinux, which is BAD. My plan is to create a policy that we install at runtime. 

I'll be using this ticket as a collection point for logs. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Fwd: [jira] [Created] (CLOUDSTACK-337) Create SELinux policy for KVM agent

Posted by David Nalley <da...@gnsa.us>.

Just a heads up that getting a working SELinux policy for the
CloudStack agent is one of my goals for 4.1.

My rough plan of attack is that I plan on starting with logs from some
of my own machines - generating a policy around that, apply it and see
if I come across other things. I'll publish that policy as soon as I
have some confidence and ask others to apply it as well (running 4.0
systems shouldn't see problems - SELinux is already running in
permissive mode, it should just cut down on log entries). Once we get
a centralized logging facility up, and actually get the policy
committed and installing, I'll grab the logs from runs of marvin in
jenkins as well as asking others to send any SELinux problems they see
after applying the policy. I am happy to have others help with this -
so don't hesitate to jump in if you so desire.

--David


---------- Forwarded message ----------
From: David Nalley (JIRA) <ji...@apache.org>
Date: Sat, Oct 13, 2012 at 6:00 PM
Subject: [jira] [Created] (CLOUDSTACK-337) Create SELinux policy for KVM agent
To: cloudstack-dev@incubator.apache.org


David Nalley created CLOUDSTACK-337:
---------------------------------------

             Summary: Create SELinux policy for KVM agent
                 Key: CLOUDSTACK-337
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-337
             Project: CloudStack
          Issue Type: New Feature
          Components: KVM
            Reporter: David Nalley
             Fix For: 4.1.0


We currently advise folks to disable SELinux, which is BAD. My plan is
to create a policy that we install at runtime.

I'll be using this ticket as a collection point for logs.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (CLOUDSTACK-337) Create SELinux policy for KVM agent

Posted by "David Nalley (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-337?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13494642#comment-13494642 ] 

David Nalley commented on CLOUDSTACK-337:
-----------------------------------------

Just a heads up that getting a working SELinux policy for the
CloudStack agent is one of my goals for 4.1.

My rough plan of attack is that I plan on starting with logs from some
of my own machines - generating a policy around that, apply it and see
if I come across other things. I'll publish that policy as soon as I
have some confidence and ask others to apply it as well (running 4.0
systems shouldn't see problems - SELinux is already running in
permissive mode, it should just cut down on log entries). Once we get
a centralized logging facility up, and actually get the policy
committed and installing, I'll grab the logs from runs of marvin in
jenkins as well as asking others to send any SELinux problems they see
after applying the policy. I am happy to have others help with this -
so don't hesitate to jump in if you so desire.

--David


---------- Forwarded message ----------
From: David Nalley (JIRA) <ji...@apache.org>
Date: Sat, Oct 13, 2012 at 6:00 PM
Subject: [jira] [Created] (CLOUDSTACK-337) Create SELinux policy for KVM agent
To: cloudstack-dev@incubator.apache.org


David Nalley created CLOUDSTACK-337:
---------------------------------------

             Summary: Create SELinux policy for KVM agent
                 Key: CLOUDSTACK-337
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-337
             Project: CloudStack
          Issue Type: New Feature
          Components: KVM
            Reporter: David Nalley
             Fix For: 4.1.0


We currently advise folks to disable SELinux, which is BAD. My plan is
to create a policy that we install at runtime.

I'll be using this ticket as a collection point for logs.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

                
> Create SELinux policy for KVM agent
> -----------------------------------
>
>                 Key: CLOUDSTACK-337
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-337
>             Project: CloudStack
>          Issue Type: New Feature
>          Components: KVM
>            Reporter: David Nalley
>            Assignee: David Nalley
>             Fix For: 4.1.0
>
>
> We currently advise folks to disable SELinux, which is BAD. My plan is to create a policy that we install at runtime. 
> I'll be using this ticket as a collection point for logs. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Assigned] (CLOUDSTACK-337) Create SELinux policy for KVM agent

Posted by "David Nalley (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-337?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Nalley reassigned CLOUDSTACK-337:
---------------------------------------

    Assignee: David Nalley
    
> Create SELinux policy for KVM agent
> -----------------------------------
>
>                 Key: CLOUDSTACK-337
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-337
>             Project: CloudStack
>          Issue Type: New Feature
>          Components: KVM
>            Reporter: David Nalley
>            Assignee: David Nalley
>             Fix For: 4.1.0
>
>
> We currently advise folks to disable SELinux, which is BAD. My plan is to create a policy that we install at runtime. 
> I'll be using this ticket as a collection point for logs. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira