Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a new option -V to verify installed policies #93

Merged
merged 1 commit into from
Jun 15, 2022
Merged

Add a new option -V to verify installed policies #93

merged 1 commit into from
Jun 15, 2022

Conversation

cjeanner
Copy link
Collaborator

This new parameter will help ensuring the package did properly install.
It will ensure we're on an SELinux enabled, Enforcing system, then loop
on the different $MODULES to ensure they are present on the system.

In the end, this will help ensuring the package is properly installed,
avoiding future hide'n'seek parties when we're seeing any weird SELinux
issues within TripleO.

@cjeanner cjeanner force-pushed the verify-policies branch 5 times, most recently from 76e1655 to d3a3ac6 Compare June 10, 2022 16:22
@cjeanner cjeanner requested review from jpichon and lhh June 13, 2022 05:54
jpichon
jpichon reviewed Jun 13, 2022
View reviewed changes
Copy link
Collaborator

@jpichon jpichon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm still poking around to understand how this all works but have to step out for now, just noted inline something I noticed while testing.

local_settings.sh.in Outdated Show resolved Hide resolved
lhh
lhh reviewed Jun 13, 2022
View reviewed changes
local_settings.sh.in Outdated Show resolved Hide resolved
local_settings.sh.in Outdated Show resolved Hide resolved
local_settings.sh.in Outdated Show resolved Hide resolved
@cjeanner cjeanner force-pushed the verify-policies branch 2 times, most recently from f7af77d to 17509c9 Compare June 13, 2022 13:54
lhh
lhh requested changes Jun 13, 2022
View reviewed changes
local_settings.sh.in Outdated Show resolved Hide resolved
@cjeanner cjeanner requested a review from lhh June 13, 2022 15:27
lhh
lhh approved these changes Jun 13, 2022
View reviewed changes
Copy link
Member

@lhh lhh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! I'd recommend waiting for @jpichon since she had other comments as well.

@cjeanner cjeanner requested a review from jpichon June 14, 2022 16:05
jpichon
jpichon reviewed Jun 15, 2022
View reviewed changes
local_settings.sh.in Outdated Show resolved Hide resolved
@cjeanner
Add a new option -V to verify installed policies
af18066 
This new parameter will help ensuring the package did properly install.
It will ensure we're on an SELinux enabled, Enforcing system, then loop
on the different $MODULES to ensure they are present on the system.

In the end, this will help ensuring the package is properly installed,
avoiding future hide'n'seek parties when we're seeing any weird SELinux
issues within TripleO.
jpichon
jpichon approved these changes Jun 15, 2022
View reviewed changes
Copy link
Collaborator

@jpichon jpichon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, I think this is more nicely readable after the last few changes too. I'll merge and push a new version tag.

local_settings.sh.in Show resolved Hide resolved
@jpichon jpichon merged commit d53c3f0 into redhat-openstack:master Jun 15, 2022
rdoproject pushed a commit to rdo-packages/openstack-selinux-distgit that referenced this pull request Jun 15, 2022
@cjeanner
Add a new %verifyscript scriptlet
f4df752 
This will allow to ensure the policies are correctly installed, by
calling `rpm -V openstack-selinux'.

The "local_settings.sh -V" is introduced by the following patch:
redhat-openstack/openstack-selinux#93

Change-Id: I7a4cf3da16cddddcadac5658207958878ff618dc
cjeanner added a commit to cjeanner/openstack-selinux that referenced this pull request Jun 16, 2022
@cjeanner
Use stderr for error in verification function
3617c34 
`rpm -V' filters this out and displays only stderr content, so we'd be
missing the important bits of the verification.

With this patch in, the command outputs the list of missing modules, the
amount of them, and the final, default rpm verification failure message.

This patch is a follow-up of
redhat-openstack#93
cjeanner added a commit to cjeanner/openstack-selinux that referenced this pull request Jun 16, 2022
@cjeanner
Use stderr for error in verification function
f943858 
`rpm -V' filters the output and displays only stderr content, so we'd be
missing the important bits of the verification.

With this patch in, the command outputs the list of missing modules, the
amount of them, and the final, default rpm verification failure message.

This patch is a follow-up of
redhat-openstack#93
@cjeanner cjeanner mentioned this pull request Jun 16, 2022
Merged
cjeanner added a commit to cjeanner/openstack-selinux that referenced this pull request Jun 20, 2022
@cjeanner
Use stderr for error in verification function
8ac57ec 
`rpm -V' filters the output and displays only stderr content, so we'd be
missing the important bits of the verification.

With this patch in, the command outputs the list of missing modules, the
amount of them, and the final, default rpm verification failure message.

This patch is a follow-up of
redhat-openstack#93
rdoproject pushed a commit to rdo-packages/openstack-selinux-distgit that referenced this pull request Jul 8, 2022
@cjeanner @lhh
Add a new %verifyscript scriptlet
daecc50 
This will allow to ensure the policies are correctly installed, by
calling `rpm -V openstack-selinux'.

The "local_settings.sh -V" is introduced by the following patch:
redhat-openstack/openstack-selinux#93

Resolves: rhbz#2095776

Change-Id: I7a4cf3da16cddddcadac5658207958878ff618dc
rdoproject pushed a commit to rdo-packages/openstack-selinux-distgit that referenced this pull request Jul 8, 2022
@cjeanner
Add a new %verifyscript scriptlet
68c99df 
This will allow to ensure the policies are correctly installed, by
calling `rpm -V openstack-selinux'.

The "local_settings.sh -V" is introduced by the following patch:
redhat-openstack/openstack-selinux#93

Change-Id: I7a4cf3da16cddddcadac5658207958878ff618dc
(cherry picked from commit f4df752)
rdoproject pushed a commit to rdo-packages/openstack-selinux-distgit that referenced this pull request Jul 8, 2022
@cjeanner
Add a new %verifyscript scriptlet
9e77894 
This will allow to ensure the policies are correctly installed, by
calling `rpm -V openstack-selinux'.

The "local_settings.sh -V" is introduced by the following patch:
redhat-openstack/openstack-selinux#93

Change-Id: I7a4cf3da16cddddcadac5658207958878ff618dc
(cherry picked from commit f4df752)
@cjeanner cjeanner mentioned this pull request Sep 19, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lhh lhh lhh approved these changes

@jpichon jpichon jpichon approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cjeanner @jpichon @lhh