Copilot commented on code in PR #13281:
URL: https://github.com/apache/cloudstack/pull/13281#discussion_r3323302808


##########
python/lib/cloudutils/serviceConfig.py:
##########
@@ -525,6 +525,8 @@ def __init__(self, syscfg):
         self.serviceName = "Apparmor"
 
     def config(self):
+        return True
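
Review bot: The `return True` added as the first statement of `config()` for the `Apparmor` service has no comment explaining why the step is skipped, and any body that follows it in the method is now unreachable. Remove the dead body instead of leaving it behind the early return, and add a one-line comment or docstring stating that AppArmor is intentionally left unmanaged by setup.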

Review Comment:
   This no-ops the AppArmor service step, but agent setup still unconditionally 
writes `security_driver="none"` to `/etc/libvirt/qemu.conf` in 
`libvirtConfigUbuntu` (serviceConfig.py:756). That means setup continues to 
disable libvirt's AppArmor integration and will overwrite a user's 
`security_driver="apparmor"` choice on reruns, so the PR does not fully stop 
enforcing AppArmor-related security policy during setup.



##########
python/lib/cloudutils/serviceConfig.py:
##########
@@ -559,6 +563,8 @@ def __init__(self, syscfg):
         self.serviceName = "SElinux"
 
     def config(self):
+        return True
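
Review bot: The unconditional `return True` at the top of `config()` for the `SElinux` service gives the caller the same success value it would get if the step had actually run, so a skipped step is indistinguishable from a configured one. Log that the SELinux step was skipped before returning, so setup output shows that the host's SELinux state was left unchanged.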

Review Comment:
   This no-ops the SELinux service step, but agent setup still unconditionally 
writes `security_driver="none"` to `/etc/libvirt/qemu.conf` in the Red Hat and 
SUSE libvirt config paths (serviceConfig.py:663 and :701). On reruns, that will 
keep disabling libvirt's SELinux integration and overwrite a user's 
`security_driver="selinux"` choice, so the setup flow still enforces a 
SELinux-related security decision.
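
The rerun behaviour both comments describe can be avoided by writing `security_driver` only when no active value is present. The following is an added example, not part of the review or of CloudStack's code; the function names and sample file contents are hypothetical, and it assumes qemu.conf's `key = "value"` lines with `#` comments.

```python
import re

# An active (uncommented) assignment; a line starting with '#' never matches.
ACTIVE = re.compile(r'^[ \t]*security_driver[ \t]*=[ \t]*(.*?)[ \t]*$', re.M)


def current_driver(conf_text):
    """Return the last active security_driver value as written, or None."""
    values = ACTIVE.findall(conf_text)
    return values[-1] if values else None


def apply_default(conf_text, default='"none"'):
    """Set security_driver only when the admin has not set one.

    Returns (new_text, changed). An existing active value is never
    replaced, so a setup rerun keeps "apparmor" or "selinux".
    """
    if current_driver(conf_text) is not None:
        return conf_text, False
    sep = "" if conf_text.endswith("\n") or not conf_text else "\n"
    return conf_text + sep + "security_driver = %s\n" % default, True


def confinement_disabled(conf_text):
    """True when the active value switches the security driver off."""
    return current_driver(conf_text) == '"none"'


# Constructed sample inputs, not taken from a real host.
FRESH = '#security_driver = "selinux"\nuser = "root"\n'
HARDENED = 'user = "root"\nsecurity_driver = "apparmor"\n'

if __name__ == "__main__":
    for name, text in (("fresh", FRESH), ("hardened", HARDENED)):
        new_text, changed = apply_default(text)
        print(name, "changed:", changed, "driver:", current_driver(new_text))
```

`confinement_disabled` can also be run over an existing qemu.conf to check whether an earlier setup run left the security driver set to `"none"`.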


