Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1064417 - Configuring cgroups documentation has wrong selinux label for /etc/cgconfig.conf
Summary: Configuring cgroups documentation has wrong selinux label for /etc/cgconfig.conf
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 2.2.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: Julie
QA Contact: ecs-bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-02-12 14:57 UTC by Chester Knapp
Modified: 2017-03-08 17:38 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Build Name: 22146, Deployment Guide-1-1.2 Build Date: 14-01-2014 16:01:15 Topic ID: 20596-575534 [Specified]
Last Closed: 2014-03-07 07:03:39 UTC


Attachments (Terms of Use)

Description Chester Knapp 2014-02-12 14:57:34 UTC
Title: Configuring cgroups

Describe the issue: Section"6.8.2. Configuring cgroups" (from https://access.redhat.com/site/documentation/en-US/OpenShift_Enterprise/1/html-single/Deployment_Guide/index.html#Configuring_cgroups) states: 
- "The /etc/cgconfig.conf file exists with SELinux label system_u:object_r:cgconfig_etc_t:s0."


Which conflicts with what I am actually seeing: 
[root@node1 ~]# cp -vf /opt/rh/ruby193/root/usr/share/gems/doc/openshift-origin-node-*/cgconfig.conf /etc/cgconfig.conf
cp: overwrite `/etc/cgconfig.conf'? yes
`/opt/rh/ruby193/root/usr/share/gems/doc/openshift-origin-node-1.9.14.6/cgconfig.conf' -> `/etc/cgconfig.conf'
[root@node1 ~]# restorecon -rv /etc/cgconfig.conf
[root@node1 ~]# ls -Z /etc/cgconfig.conf
-rw-r--r--. root root unconfined_u:object_r:cgconfig_etc_t:s0 /etc/cgconfig.conf


Suggestions for improvement: Fix the doc? 


Additional information:

Comment 2 Miciah Dashiel Butler Masters 2014-02-21 15:52:54 UTC
The only discrepancy I see there is that the SELinux user in the Deployment Guide is system_u but here we see unconfined_u instead.  This discrepancy does not really matter, but it could be confusing.

The type (cgconfig_etc_t), role (object_r), and level (s0) of /etc/cgconfig.conf must be as described in the Deployment Guide.  The user may be either unconfined_u or system_u.

The unconfined_u user is likely to be assigned to the file if the configuration is created interactively by the root user while the system_u user will be assigned if the file is the one shipped with the RPM (possibly with its contents modified but without having had its context modified) or if the file has been created non-interactively, for example by an installation tool.

The type (cgconfig_etc_t) in particular is the part of the SELinux context that is likely to be incorrect, so perhaps the documentation should call it out in particular.

Note that the Troubleshooting Guide also points to the SELinux context of /etc/cgconfig.conf, so any of the changes to the Deployment Guide that are being discussed here should also be made to the Troubleshooting Guide.


Note You need to log in before you can comment on or make changes to this bug.