Dan Kenigsberg has posted comments on this change.
Change subject: caps: Add selinux enforcement reporting. ......................................................................
Patch Set 4: Code-Review-1
(3 comments)
http://gerrit.ovirt.org/#/c/26951/4/lib/vdsm/utils.py File lib/vdsm/utils.py:
Line 1270: def prependDefer(self, func, *args, **kwargs): Line 1271: self._finally.insert(0, (func, args, kwargs)) Line 1272: Line 1273: Line 1274: def getSELinuxEnforceMode(): vdsm.utils is intended for general-purpose utility funcitons, that are expected to be called from various places.
Unless you have such plans for this function, please make it a private funciton in caps.py. Line 1275: """ Line 1276: Returns the SELinux mode as reported by kernel. Line 1277: Line 1278: 1 = enforcing - SELinux security policy is enforced.
http://gerrit.ovirt.org/#/c/26951/4/vdsm/caps.py File vdsm/caps.py:
Line 391: Line 392: Line 393: def _getSELinux(): Line 394: selinux = dict() Line 395: selinux['mode'] = str(utils.getSELinuxEnforceMode()) why not report it as an int? Line 396: Line 397: return selinux Line 398: Line 399:
Line 393: def _getSELinux(): Line 394: selinux = dict() Line 395: selinux['mode'] = str(utils.getSELinuxEnforceMode()) Line 396: Line 397: return selinux Why are you using another level of a dictionary? Do you have plans to repot values other than "mode"? Is "mode" a standard name for the enforcement mode of selinux? Line 398: Line 399: Line 400: def get(): Line 401: targetArch = getTargetArch()