Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport selinux change from zed #204

Merged
merged 1 commit into from
Nov 17, 2023
Merged

Backport selinux change from zed #204

merged 1 commit into from
Nov 17, 2023

Conversation

priteau
Copy link
Member

@priteau priteau commented Nov 14, 2023

The disable-selinux role has been renamed to selinux and now supports setting desired state.

Previously Kayobe was defaulting to disabling and rebooted the host - to avoid audit logs filling up. This change allows operators to define desired SELinux state and defaults to permissive - to adhere to those site policies that require SELinux to be at least in permissive state.

Note: unlike the original patch, this backport keeps the default selinux state as disabled.

Change-Id: I42933b0b7d55c69c9f6992e331fafb2e6c42d4d1 (cherry picked from commit caa7cc5)

@priteau priteau self-assigned this Nov 14, 2023
@priteau priteau requested a review from a team as a code owner November 14, 2023 20:00
markgoddard
markgoddard suggested changes Nov 15, 2023
View reviewed changes
ansible/roles/selinux/defaults/main.yml Outdated Show resolved Hide resolved
ansible/selinux.yml Outdated Show resolved Hide resolved
@priteau priteau force-pushed the selinux-state branch 2 times, most recently from 8e38bea to 8c2b072 Compare November 16, 2023 19:40
@priteau
Backport selinux change from zed
52ce15b 
The disable-selinux role has been renamed to selinux and now supports
setting desired state.

Previously Kayobe was defaulting to disabling and rebooted the host - to
avoid audit logs filling up. This change allows operators to define
desired SELinux state and defaults to permissive - to adhere to those
site policies that require SELinux to be at least in permissive state.

Note that unlike the original patch, this backport keeps the default
selinux state as disabled.

Co-authored-by: Mark Goddard <[email protected]>
Change-Id: I42933b0b7d55c69c9f6992e331fafb2e6c42d4d1
(cherry picked from commit caa7cc5)
@MoteHue
Copy link

MoteHue commented Nov 17, 2023

Merging now so I can use at AZ

@MoteHue MoteHue merged commit 2f265ca into stackhpc/yoga Nov 17, 2023
3 checks passed
@MoteHue MoteHue deleted the selinux-state branch November 17, 2023 09:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MoteHue MoteHue MoteHue approved these changes

@markgoddard markgoddard markgoddard approved these changes

Assignees

@priteau priteau

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@priteau @MoteHue @markgoddard