Just a heads up that getting a working SELinux policy for the CloudStack agent is one of my goals for 4.1.

My rough plan of attack is that I plan on starting with logs from some of my own machines - generating a policy around that, applying it and seeing if I come across other things. I'll publish that policy as soon as I have some confidence and ask others to apply it as well (running 4.0 systems shouldn't see problems - SELinux is already running in permissive mode, it should just cut down on log entries).

Once we get a centralized logging facility up, and actually get the policy committed and installing, I'll grab the logs from runs of marvin in jenkins as well as asking others to send any SELinux problems they see after applying the policy.

I am happy to have others help with this - so don't hesitate to jump in if you so desire.

--David

---------- Forwarded message ----------
From: David Nalley (JIRA) <j...@apache.org>
Date: Sat, Oct 13, 2012 at 6:00 PM
Subject: [jira] [Created] (CLOUDSTACK-337) Create SELinux policy for KVM agent
To: cloudstack-dev@incubator.apache.org

David Nalley created CLOUDSTACK-337:
---------------------------------------

Summary: Create SELinux policy for KVM agent
Key: CLOUDSTACK-337
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-337
Project: CloudStack
Issue Type: New Feature
Components: KVM
Reporter: David Nalley
Fix For: 4.1.0

We currently advise folks to disable SELinux, which is BAD. My plan is to create a policy that we install at runtime. I'll be using this ticket as a collection point for logs.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira