3c19f00a7f
This patch adds the right tags to each piece of metadata and corrects small errors found in the deployer notes. Closes-bug: 1595669 Change-Id: Ic04aaad85ebf111be5a0bdb01a350442fdea1433
522 B
522 B
---id: V-51379 status: exception - ubuntu tag: lsm ---
The security role will search for unlabeled devices on CentOS and the playbook will fail with an error message if any unlabeled devices are found.
Although SELinux works through a labeling system where every file (including devices) receives a label, AppArmor on Ubuntu works purely through policies without labels. However, OpenStack-Ansible does configure several AppArmor policies to reduce the chances and impact of LXC container breakouts on OpenStack hosts.