Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cephadm: fetch the real selinux status #42290

Merged
merged 1 commit into from Jul 15, 2021
Merged

cephadm: fetch the real selinux status #42290

merged 1 commit into from Jul 15, 2021

Conversation

javicacheiro
Copy link
Contributor

Fetch the real selinux status.

The mode in the configuration file and the actual mode can be different so we can not simply trust the configuration file, we have to check the real selinux status.

Fixes: https://tracker.ceph.com/issues/51632

Signed-off-by: Javier Cacheiro javier.cacheiro.lopez@cesga.es

Checklist

  • References tracker ticket
  • Updates documentation if necessary
  • Includes tests for new functionality or reproducer for bug
Show available Jenkins commands
  • jenkins retest this please
  • jenkins test classic perf
  • jenkins test crimson perf
  • jenkins test signed
  • jenkins test make check
  • jenkins test make check arm64
  • jenkins test submodules
  • jenkins test dashboard
  • jenkins test api
  • jenkins test docs
  • jenkins render docs
  • jenkins test ceph-volume all
  • jenkins test ceph-volume tox

@javicacheiro javicacheiro requested a review from a team as a code owner July 12, 2021 14:22
adk3798
adk3798 reviewed Jul 13, 2021
View reviewed changes
src/cephadm/cephadm Outdated Show resolved Hide resolved
@sebastian-philipp
Copy link
Contributor

can you copy the essential parts of the tracker issue into the commit message? I'd like to be able to get a reason for this change, without looking at the tracker issue

@javicacheiro
Copy link
Contributor Author

can you copy the essential parts of the tracker issue into the commit message? I'd like to be able to get a reason for this change, without looking at the tracker issue

Done!

adk3798
adk3798 approved these changes Jul 14, 2021
View reviewed changes
Copy link
Contributor

@adk3798 adk3798 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, it looks like make check failed on here with

image

but that doesn't make sense given the code and didn't show up when I ran tox on these changes locally so hopefully the error will go away if we rerun it.

@adk3798
Copy link
Contributor

adk3798 commented Jul 14, 2021

jenkins test make check

adk3798
adk3798 reviewed Jul 14, 2021
View reviewed changes
src/cephadm/cephadm Outdated Show resolved Hide resolved
@javicacheiro
Fetch the actually running selinux status.
c3c79fc 
The HostFacts should return the **actual** selinux mode in which the
kernel is running.

The actual mode can be different from the one in the configuration
if the server has not been rebooted or if the mode was changed
after boot using setenforce.

Instead of reading _selinux_path_list we should look at the output of
sestatus or getenforce.

The _selinux_path_list attribute is no longer needed.

Fixes: https://tracker.ceph.com/issues/51632

Signed-off-by: Javier Cacheiro <javier.cacheiro.lopez@cesga.es>
@adk3798
Copy link
Contributor

adk3798 commented Jul 15, 2021

all tests passed in teuthology run

http://pulpito.front.sepia.ceph.com/adking-2021-07-14_17:47:06-rados:cephadm-wip-adk-testing-2021-07-14-1117-distro-basic-smithi/

@sebastian-philipp sebastian-philipp merged commit 6ffbe0b into ceph:master Jul 15, 2021
@sebastian-philipp sebastian-philipp mentioned this pull request Aug 10, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adk3798 adk3798 adk3798 approved these changes

@dsavineau dsavineau dsavineau approved these changes

Assignees
No one assigned
Labels
cephadm ready-to-merge
Projects
None yet
Milestone
No milestone
4 participants
@javicacheiro @sebastian-philipp @adk3798 @dsavineau