OpenStack Feature page
Robyn Bergeron
robyn.bergeron at gmail.com
Mon Sep 5 19:06:14 UTC 2011
On Mon, Sep 5, 2011 at 11:24 AM, Mark McLoughlin <markmc at redhat.com> wrote:
> On Fri, 2011-09-02 at 07:18 +0100, Mark McLoughlin wrote:
>> On Thu, 2011-09-01 at 09:54 -0700, Robyn Bergeron wrote:
>
>> > * Features need to be at 100% by 9/13 - is SELinux assistance the only
>> > thing holding this back from being at 100%?
>>
>> Yes, that's probably the biggest issue. Dan Walsh has already written
>> some policy for glance, though, so I fully expect policy for Nova to
>> magically appear soon :)
>
> Actually, the situation isn't as bad as I thought - the "getting
> started" howto appears to work just fine with SELinux enabled.
>
> With selinux-policy-3.10.0-23.fc16.noarch installed, the glance daemons
> are confined to their own domains and the howto works without any AVC
> denials.
>
> It would be nice to have SELinux policy to confine Nova for F-16, but at
> the moment in runs just fine in the unconfined initrc_t domain ... so
> it's hardly a blocker.
Sounds good. NTH, indeed :)
FYI that I filed the ticket with FESCo; they meet today, and I'm
guessing there is no meeting, as most of the US folks are on holiday.
https://fedorahosted.org/fesco/ticket/665
>
> Cheers,
> Mark.
>
> _______________________________________________
> cloud mailing list
> cloud at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/cloud
>
More information about the cloud
mailing list