URL: https://github.com/SSSD/sssd/pull/165 Author: mzidek-rh Title: #165: selinux: Do not fail if SELinux is not managed Action: opened
PR body: """ Previously we failed if selinux_is_managed returned 0 or -1 (not managed or error). With this patch we only fail in case of error and continue normally if selinux is not managed by libsemanage at all.
Resolves: https://fedorahosted.org/sssd/ticket/3297 """
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/165/head:pr165 git checkout pr165
URL: https://github.com/SSSD/sssd/pull/165 Title: #165: selinux: Do not fail if SELinux is not managed
mzidek-rh commented: """ I did not test this last version yet, because I have some issues with my test environment, but very similar version worked for me :) . So feel free to test/review. """
See the full comment at https://github.com/SSSD/sssd/pull/165#issuecomment-281756180
URL: https://github.com/SSSD/sssd/pull/165 Author: mzidek-rh Title: #165: selinux: Do not fail if SELinux is not managed Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/165/head:pr165 git checkout pr165
URL: https://github.com/SSSD/sssd/pull/165 Author: mzidek-rh Title: #165: selinux: Do not fail if SELinux is not managed Action: edited
Changed field: body Original value: """ Previously we failed if selinux_is_managed returned 0 or -1 (not managed or error). With this patch we only fail in case of error and continue normally if selinux is not managed by libsemanage at all.
Resolves: https://fedorahosted.org/sssd/ticket/3297 """
URL: https://github.com/SSSD/sssd/pull/165 Title: #165: selinux: Do not fail if SELinux is not managed
mzidek-rh commented: """ fixed a typo in commit message """
See the full comment at https://github.com/SSSD/sssd/pull/165#issuecomment-281760081
URL: https://github.com/SSSD/sssd/pull/165 Title: #165: selinux: Do not fail if SELinux is not managed
jhrozek commented: """ On Wed, Feb 22, 2017 at 10:20:08AM -0800, mzidek-rh wrote:
Previously we failed if selinux_is_managed returned 0 or -1 (not managed or error). With this patch we only fail in case of error and continue normally if selinux is not managed by libsemanage at all.
Resolves: https://fedorahosted.org/sssd/ticket/3297 You can view, comment on, or merge this pull request online at:
So far I only scrolled through the diff, but it looks OK. Did you try building the package for @adelton to see if it fixes the issue he was seeing?
"""
See the full comment at https://github.com/SSSD/sssd/pull/165#issuecomment-281929604
URL: https://github.com/SSSD/sssd/pull/165 Title: #165: selinux: Do not fail if SELinux is not managed
adelton commented: """
Did you try building the package for @adelton to see if it fixes the issue he was seeing?
I'll be happy to test either RHEL 7 or Fedora 24 builds, for https://bugzilla.redhat.com/show_bug.cgi?id=1415167 reproducer. Copr repo would be ideal. """
See the full comment at https://github.com/SSSD/sssd/pull/165#issuecomment-281933170
URL: https://github.com/SSSD/sssd/pull/165 Title: #165: selinux: Do not fail if SELinux is not managed
lslebodn commented: """ On (23/02/17 00:40), Jakub Hrozek wrote:
On Wed, Feb 22, 2017 at 10:20:08AM -0800, mzidek-rh wrote:
Previously we failed if selinux_is_managed returned 0 or -1 (not managed or error). With this patch we only fail in case of error and continue normally if selinux is not managed by libsemanage at all.
Resolves: https://fedorahosted.org/sssd/ticket/3297 You can view, comment on, or merge this pull request online at:
So far I only scrolled through the diff, but it looks OK. Did you try building the package for @adelton to see if it fixes the issue he was seeing?
Firstly we need to ensure that we do not break selinux integration. Then we can check use case with disabled SELinux.
LS
"""
See the full comment at https://github.com/SSSD/sssd/pull/165#issuecomment-281942899
URL: https://github.com/SSSD/sssd/pull/165 Title: #165: selinux: Do not fail if SELinux is not managed
lslebodn commented: """ if you do not want to use following pattern ``` if (ret != somerrror) { //mostly ENOENT //ignore this err ret = EOK } else (ret != EOK) //log error and fail } ```
and you prefer to return ERR_SELINUX_NOT_MANAGED. Then please update debug message after `get_seuser` in `seuser_needs_update`. Because internal error code are diffigult to read. e.g. ``` (Mon Apr 3 15:08:11 2017) [[sssd[selinux_child[1702]]]] [main] (0x0400): performing selinux operations (Mon Apr 3 15:08:11 2017) [[sssd[selinux_child[1702]]]] [sss_semanage_init] (0x0400): SELinux policy not managed (Mon Apr 3 15:08:11 2017) [[sssd[selinux_child[1702]]]] [seuser_needs_update] (0x2000): get_seuser: ret: 1432158258 seuser: unknown mls: unknown ```
"""
See the full comment at https://github.com/SSSD/sssd/pull/165#issuecomment-291181014
URL: https://github.com/SSSD/sssd/pull/165 Title: #165: selinux: Do not fail if SELinux is not managed
Label: +Changes requested
URL: https://github.com/SSSD/sssd/pull/165 Author: mzidek-rh Title: #165: selinux: Do not fail if SELinux is not managed Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/165/head:pr165 git checkout pr165
URL: https://github.com/SSSD/sssd/pull/165 Title: #165: selinux: Do not fail if SELinux is not managed
mzidek-rh commented: """ Update version pushed. """
See the full comment at https://github.com/SSSD/sssd/pull/165#issuecomment-291501202
URL: https://github.com/SSSD/sssd/pull/165 Author: mzidek-rh Title: #165: selinux: Do not fail if SELinux is not managed Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/165/head:pr165 git checkout pr165
URL: https://github.com/SSSD/sssd/pull/165 Title: #165: selinux: Do not fail if SELinux is not managed
mzidek-rh commented: """ New version pushed. """
See the full comment at https://github.com/SSSD/sssd/pull/165#issuecomment-291572183
URL: https://github.com/SSSD/sssd/pull/165 Title: #165: selinux: Do not fail if SELinux is not managed
lslebodn commented: """ I have mixed news Good one: * you fixed adelton's bug
Bad one: * regression test are failing.
Result NACK """
See the full comment at https://github.com/SSSD/sssd/pull/165#issuecomment-291867899
URL: https://github.com/SSSD/sssd/pull/165 Title: #165: selinux: Do not fail if SELinux is not managed
lslebodn commented: """ Reproducer should be: ``` echo dummy123@ipa.com | ipa user-add user2 --first 'user2' --last 'user2' --password //change temporary password with kinit kinit user2 //add selinux use mapping echo AdminPassword | kinit admin rm -rf /var/log/sssd/* systemctl restart sssd sss_debuglevel 10 ipa selinuxusermap-add selinuxusermaprule2 --selinuxuser=guest_u:s0 ipa selinuxusermap-add-user selinuxusermaprule2 --users=user2 ipa selinuxusermap-add-host selinuxusermaprule2 --hosts=$HOSTNAME ssh -l user2 localhost 'id -Z' ```
"""
See the full comment at https://github.com/SSSD/sssd/pull/165#issuecomment-291873756
URL: https://github.com/SSSD/sssd/pull/165 Author: mzidek-rh Title: #165: selinux: Do not fail if SELinux is not managed Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/165/head:pr165 git checkout pr165
URL: https://github.com/SSSD/sssd/pull/165 Title: #165: selinux: Do not fail if SELinux is not managed
mzidek-rh commented: """ New version pushed. """
See the full comment at https://github.com/SSSD/sssd/pull/165#issuecomment-291889506
URL: https://github.com/SSSD/sssd/pull/165 Title: #165: selinux: Do not fail if SELinux is not managed
lslebodn commented: """ let say that test passed :-) http://sssd-ci.duckdns.org/logs/job/67/50/summary.html http://sssd-ci.duckdns.org/logs/job/67/51/summary.html
ACK
"""
See the full comment at https://github.com/SSSD/sssd/pull/165#issuecomment-292147911
URL: https://github.com/SSSD/sssd/pull/165 Title: #165: selinux: Do not fail if SELinux is not managed
Label: -Changes requested
URL: https://github.com/SSSD/sssd/pull/165 Title: #165: selinux: Do not fail if SELinux is not managed
Label: +Pushed
URL: https://github.com/SSSD/sssd/pull/165 Title: #165: selinux: Do not fail if SELinux is not managed
lslebodn commented: """ master: * 78a08d30b5fbf6e1e3b589e0cf67022e0c1faa33
sssd-1-14: * 31e4bc07ea17e3e91df28260f6a517b9774b948e
sssd-1-13: * 963acdfb8b40aca449cf61f85949b4d7bc5ee133
LS
"""
See the full comment at https://github.com/SSSD/sssd/pull/165#issuecomment-292153125
URL: https://github.com/SSSD/sssd/pull/165 Author: mzidek-rh Title: #165: selinux: Do not fail if SELinux is not managed Action: closed
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/165/head:pr165 git checkout pr165
sssd-devel@lists.fedorahosted.org
-
adelton -
jhrozek
-
lslebodn
-
mzidek-rh