Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 894084 - PRD35 - [RFE] report SELinux policy and show it in UI + warn when not enabled
Summary: PRD35 - [RFE] report SELinux policy and show it in UI + warn when not enabled
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: RFEs
Version: 3.2.0
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
: 3.5.0
Assignee: Dima Kuznetsov
QA Contact: Petr Matyáš
URL:
Whiteboard: infra
: 894087 (view as bug list)
Depends On:
Blocks: 1086374 rhev3.5beta 1156165
TreeView+ depends on / blocked
 
Reported: 2013-01-10 16:32 UTC by Haim
Modified: 2016-02-10 19:06 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
With this enhancement, a warning message is displayed in the user interface if SELinux is disabled to remind users of the SELinux status.
Clone Of:
Environment:
Last Closed: 2015-02-11 17:51:25 UTC
oVirt Team: Infra
Target Upstream Version:


Attachments (Terms of Use)
migrations table (deleted)
2014-04-28 07:56 UTC, Elad
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0158 normal SHIPPED_LIVE Important: Red Hat Enterprise Virtualization Manager 3.5.0 2015-02-11 22:38:50 UTC
oVirt gerrit 26951 None None None Never
oVirt gerrit 26955 master MERGED core: Add selinux host info to VdsDynamic Never
oVirt gerrit 26962 master MERGED webadmin: Add selinux state to host general subtab Never
oVirt gerrit 27255 master MERGED webadmin: Move CPU info to HW info tab Never
Red Hat Bugzilla 858940 None None None Never

Internal Links: 858940

Description Haim 2013-01-10 16:32:36 UTC
Description of problem:


there are proven migration issues when one of the hosts is running selinux and the other is not.
we should take a call about this issues.
first, lets start by engine reporting selinux status in general sub-tab (UI fix needed).

Comment 2 Itamar Heim 2013-11-29 07:59:18 UTC
*** Bug 894087 has been marked as a duplicate of this bug. ***

Comment 7 Itamar Heim 2014-03-25 10:25:54 UTC
the easy part is to enforce selinux policy by engine.
the tricky part is if cluster policy is not to have selinux, but its enabled on a host, which will still cause the issue.

Comment 12 Elad 2014-04-28 07:56:03 UTC
Created attachment 890366 [details]
migrations table

Did migrations tests between VDSM from different compatibility versions installed on both RHEL6.5, RHEV-H6.5 and RHEV-H6.4. 
No issues were found, all migrations succeeded.
See table attached

Comment 13 Arthur Berezin 2014-04-29 16:31:42 UTC
Per discussion today(Barak, Oved, Eli) the scope of this BZ is to report hosts' SELinux status to engine and present it under hosts general tab. BZ#1086374 scopes requirements of enforcing hosts' SELinux by engine.

Comment 14 Barak 2014-04-29 17:16:46 UTC
(In reply to Arthur Berezin from comment #13)
> Per discussion today(Barak, Oved, Eli) the scope of this BZ is to report
> hosts' SELinux status to engine and present it under hosts general tab.
> BZ#1086374 scopes requirements of enforcing hosts' SELinux by engine.

And add a warning to the event log when a SELinux is not enforcing.

Comment 15 Dima Kuznetsov 2014-04-30 07:01:58 UTC
There is a problem in adding SELinux mode to Host->General sub-tab, the grid is currently full, and adding another label pushes it off the screen.

I propose we move some labels around, the following labels can be moved to Host->Hardware Information sub-tab: CPU Model, CPU Type, CPU Sockets, CPU Cores per Socket, CPU Threads per Core, and instead, add just one label of Logical Cores that would display (sockets) * (cores per socket) * (threads per core).

Comment 16 Arthur Berezin 2014-04-30 10:18:57 UTC
(In reply to Dima Kuznetsov from comment #15)
> There is a problem in adding SELinux mode to Host->General sub-tab, the grid
> is currently full, and adding another label pushes it off the screen.
> 
> I propose we move some labels around, the following labels can be moved to
> Host->Hardware Information sub-tab: CPU Model, CPU Type, CPU Sockets, CPU
> Cores per Socket, CPU Threads per Core, and instead, add just one label of
> Logical Cores that would display (sockets) * (cores per socket) * (threads
> per core).

Ack, good idea.

Comment 18 errata-xmlrpc 2015-02-11 17:51:25 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0158.html


Note You need to log in before you can comment on or make changes to this bug.