=== mamercad9 is now known as mamercad | ||
=== milosz_ is now known as milosz | ||
blackboxsw_ | rharper: so I ran across SELinux issues with cloud-init-hotplugd.socket being able to create a FIFO queue. I filed the bug for discussion as we iterate on getting hotplug fully functional. https://bugs.launchpad.net/cloud-init/+bug/1936229 I was wondering if we should pursue trying to actually establish an selinux policy for this and get that upstream..... Figured I'd pick your brain on this. | 15:11 |
---|---|---|
ubottu | Launchpad bug 1936229 in cloud-init "selinux cloud-init-hotplugd.socket not having permissions to fifo sockets" [Undecided, New] | 15:11 |
blackboxsw_ | I'll be talking with the other half of the server team today to see what their thoughts are too | 15:11 |
blackboxsw_ | smoser too if interested ^.... I wanted to capture the bug because either way, I wasn't certain I wanted to tackle that part of the hotplug support in this PR because it's already getting big. I was thinking we'd be able to follow up with something a bit more reviewable as an additional PR after https://github.com/canonical/cloud-init/pull/936 | 15:13 |
ubottu | Pull 936 in canonical/cloud-init "Initial hotplug support (SC-19)" [Open] | 15:13 |
rharper | blackboxsw_: oh, interesting | 15:18 |
blackboxsw_ | otubo: rjschwei : question out of nowhere for you as I'm a bit shallow on SELinux customization in any distro. If cloud-init needs to add custom SELinux policies for new systemd units or services to allow permissions such as creating or reading from FIFO queues, (per PR 936) is there a desired process for delivering policy customizations? | 16:54 |
ubottu | Bug 936 in Launchpad itself "Bug listing fails to use full screen width" [Low, Fix Released] https://launchpad.net/bugs/936 | 16:54 |
blackboxsw_ | For instance, would we want to drive SELinux policies to a "reference" or "base" selinux policy package to allow for cloud-init behavior or is it really up to the individual packages to establish and install their own policies? | 16:55 |
blackboxsw_ | or for cloud image creators to ensure they add the proper SELinux policies in place for any cloud-init enabled image | 16:56 |
rjschwei | blackboxsw_: I have no knowledge about SELinux policies, sorry I cannot help | 16:58 |
blackboxsw_ | no worries rjschwei, thanks. I figured I'd canvass on this in case others had experience. | 16:58 |
=== blackboxsw_ is now known as blackboxsw | ||
=== darkblueb2 is now known as darkblueb | ||
=== dmellado_ is now known as dmellado |