Yaniv Bronhaim has posted comments on this change.
Change subject: caps: Add selinux enforcement reporting. ......................................................................
Patch Set 1:
(3 comments)
http://gerrit.ovirt.org/#/c/26951/1//COMMIT_MSG Commit Message:
Line 7: caps: Add selinux enforcement reporting. Line 8: Line 9: Added selinuxEnforceModed field to getVdsCaps() what indicates whether Line 10: selinux is enforced on host or not Line 11: add direct link to engine's part Line 12: Change-Id: I98e0fcb71e831a76c4584bca46dc58fc4298180f
http://gerrit.ovirt.org/#/c/26951/1/vdsm/caps.py File vdsm/caps.py:
Line 405: - I would add here the comment from /etc/selinux/config:
# 1= enforcing - SELinux security policy is enforced. # 0 = permissive - SELinux prints warnings instead of enforcing. # -1= disabled - No SELinux policy is loaded.
or use enums
Line 474: caps['numaNodeDistance'] = _getNumaNodeDistance() Line 475: caps['autoNumaBalancing'] = _getAutoNumaBalancingInfo() Line 476: Line 477: if selinux.is_selinux_enabled() == 0: Line 478: caps['selinuxEnforceMode'] = str(-1) do we really need selinux package here? isn't getSELinuxEnforceMode enough for this purpose ? Line 479: else: Line 480: caps['selinuxEnforceMode'] = getSELinuxEnforceMode() Line 481: return caps Line 482: