incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Nalley <>
Subject Fwd: [jira] [Created] (CLOUDSTACK-337) Create SELinux policy for KVM agent
Date Sat, 10 Nov 2012 12:10:53 GMT
Just a heads up that getting a working SELinux policy for the
CloudStack agent is one of my goals for 4.1.

My rough plan of attack is that I plan on starting with logs from some
of my own machines - generating a policy around that, apply it and see
if I come across other things. I'll publish that policy as soon as I
have some confidence and ask others to apply it as well (running 4.0
systems shouldn't see problems - SELinux is already running in
permissive mode, it should just cut down on log entries). Once we get
a centralized logging facility up, and actually get the policy
committed and installing, I'll grab the logs from runs of marvin in
jenkins as well as asking others to send any SELinux problems they see
after applying the policy. I am happy to have others help with this -
so don't hesitate to jump in if you so desire.


---------- Forwarded message ----------
From: David Nalley (JIRA) <>
Date: Sat, Oct 13, 2012 at 6:00 PM
Subject: [jira] [Created] (CLOUDSTACK-337) Create SELinux policy for KVM agent

David Nalley created CLOUDSTACK-337:

             Summary: Create SELinux policy for KVM agent
                 Key: CLOUDSTACK-337
             Project: CloudStack
          Issue Type: New Feature
          Components: KVM
            Reporter: David Nalley
             Fix For: 4.1.0

We currently advise folks to disable SELinux, which is BAD. My plan is
to create a policy that we install at runtime.

I'll be using this ticket as a collection point for logs.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message