Drop SELinux support from os_swift
The rules are not currently maintained, nor do we have the resources to maintain them. In addition, they most likely don't work in our integrated repos. In the future, it would be best to depend on upstream packages such as `openstack-selinux` for SELinux support. Change-Id: I6203b98a96a341ce52930ceeed609d9c118ae8b8
parent
b6593b7007
commit
bad3e9f393
@ -1,36 +0,0 @@
|
||||
# Copyright 2017, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
module osa_swift 1.0;
|
||||
|
||||
require {
|
||||
type sshd_t;
|
||||
type swift_data_t;
|
||||
type syslogd_t;
|
||||
type default_t;
|
||||
type postfix_local_t;
|
||||
class file { getattr open read };
|
||||
class dir { search write };
|
||||
}
|
||||
|
||||
#============= postfix_local_t ==============
|
||||
allow postfix_local_t swift_data_t:dir search;
|
||||
|
||||
#============= sshd_t ==============
|
||||
allow sshd_t swift_data_t:file { getattr open read };
|
||||
|
||||
#============= syslogd_t ==============
|
||||
|
||||
#!!!! WARNING: 'default_t' is a base type.
|
||||
allow syslogd_t default_t:dir write;
|
||||
|
@ -13,10 +13,6 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- include_tasks: swift_rings_selinux.yml
|
||||
when:
|
||||
- ansible_selinux.status == "enabled"
|
||||
|
||||
- include_tasks: swift_rings_md5sum.yml
|
||||
|
||||
- include_tasks: swift_rings_check.yml
|
||||
|
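Review bot: Hosts that already ran the removed `swift_rings_selinux.yml` include will presumably keep the `osa_swift` module loaded, because nothing visible in this change unloads it; dropping the include here only stops new installs from getting it. The deleted policy granted `allow syslogd_t default_t:dir write;` and `allow sshd_t swift_data_t:file { getattr open read };`, so rules the commit message calls unmaintained would stay active on upgraded SELinux-enabled hosts. Consider a one-time cleanup task under the same `ansible_selinux.status == "enabled"` condition that runs `semodule -r osa_swift`, or a release note telling operators to remove the module themselves. The rest of this task file lies outside the hunk, so confirm no cleanup already exists elsewhere.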
@ -1,45 +0,0 @@
|
||||
---
|
||||
# Copyright 2017, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Create directory for compiling SELinux rule
|
||||
file:
|
||||
path: "/tmp/osa_swift-selinux/"
|
||||
state: 'directory'
|
||||
mode: '0755'
|
||||
when:
|
||||
- ansible_selinux.status == "enabled"
|
||||
|
||||
- name: Drop SELinux config
|
||||
copy:
|
||||
src: "osa_swift.te"
|
||||
dest: "/tmp/osa_swift-selinux/osa_swift.te"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
mode: "0755"
|
||||
when:
|
||||
- ansible_selinux.status == "enabled"
|
||||
|
||||
- name: Compile and load SELinux module
|
||||
command: '{{ item }}'
|
||||
args:
|
||||
creates: '/etc/selinux/targeted/active/modules/400//osa_swift/cil'
|
||||
chdir: "/tmp/osa_swift-selinux/"
|
||||
with_items:
|
||||
- make -f /usr/share/selinux/devel/Makefile
|
||||
- semodule -i /tmp/osa_swift-selinux/osa_swift.pp
|
||||
when:
|
||||
- ansible_selinux.status == "enabled"
|
||||
|
||||
|
@ -20,8 +20,6 @@ swift_distro_packages:
|
||||
- liberasurecode
|
||||
- liberasurecode-devel
|
||||
- libffi-devel
|
||||
- libselinux
|
||||
- libselinux-devel
|
||||
- openssh-server
|
||||
- python-keystoneclient # Keystoneclient needed to OSA keystone lib
|
||||
- python-devel
|
||||
|