Dima Kuznetsov has uploaded a new change for review.

Change subject: caps: Add selinux enforcement reporting.
......................................................................

caps: Add selinux enforcement reporting.

Added selinuxEnforceMode field to getVdsCaps(), which indicates whether
selinux is enforced on the host or not

Change-Id: I98e0fcb71e831a76c4584bca46dc58fc4298180f
Signed-off-by: Dima Kuznetsov <dkuzn...@redhat.com>
---
M vdsm/caps.py
M vdsm_api/vdsmapi-schema.json
2 files changed, 25 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/51/26951/1

diff --git a/vdsm/caps.py b/vdsm/caps.py
index 3636228..597c3ed 100644
--- a/vdsm/caps.py
+++ b/vdsm/caps.py
@@ -32,6 +32,7 @@
 
 import libvirt
 import rpm
+import selinux
 
 from vdsm.config import config
 from vdsm import libvirtconnection
@@ -390,6 +391,20 @@
         return platform.machine()
 
 
+def getSELinuxEnforceMode():
+    selinux_mnts = ['/sys/fs/selinux', '/selinux']
+    for mnt in selinux_mnts:
+        enforce_path = os.path.join(mnt, 'enforce')
+        if not os.path.exists(enforce_path):
+            continue
+
+        with open(enforce_path) as fileStream:
+            return int(fileStream.read().strip())
+
+    # Assume disabled if cannot find
+    return -1
+
+
 def get():
     targetArch = getTargetArch()
 
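Review bot: `getSELinuxEnforceMode()` lets any failure while reading the enforce file propagate into `get()`. The `os.path.exists()` test does not cover an `open()` that fails afterwards, and `int(fileStream.read().strip())` raises ValueError on empty or unexpected content, so one unreadable file would fail the whole capabilities report rather than only this field. Since the change already imports `selinux`, calling `selinux.security_getenforce()` and mapping an OSError to -1 would avoid hard-coding the two mount points; the exception type is from memory of the libselinux bindings and should be confirmed. The function also needs a docstring stating the return contract, for example `"""Return 1 if SELinux is enforcing, 0 if permissive, -1 if the state cannot be determined."""`. The reading of 0 and 1 is assumed from the usual enforce file convention, not shown in the change.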
@@ -459,6 +474,10 @@
     caps['numaNodeDistance'] = _getNumaNodeDistance()
     caps['autoNumaBalancing'] = _getAutoNumaBalancingInfo()
 
+    if selinux.is_selinux_enabled() == 0:
+        caps['selinuxEnforceMode'] = str(-1)
+    else:
+        caps['selinuxEnforceMode'] = getSELinuxEnforceMode()
     return caps
 
 
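Review bot: The two branches store different types under `caps['selinuxEnforceMode']`: the disabled branch writes `str(-1)`, the string '-1', while `getSELinuxEnforceMode()` returns an int, and the schema in this same change declares the field as 'int'. A consumer that compares against the integer -1 would miss the disabled case, so a host with SELinux turned off could be misreported or fail validation on the engine side. Write `caps['selinuxEnforceMode'] = -1` in the disabled branch. Since the helper already returns -1 when no enforce file is found, the `is_selinux_enabled()` branch may be redundant. get() begins outside this hunk.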
diff --git a/vdsm_api/vdsmapi-schema.json b/vdsm_api/vdsmapi-schema.json
index 6571cb7..5ef5cbe 100644
--- a/vdsm_api/vdsmapi-schema.json
+++ b/vdsm_api/vdsmapi-schema.json
@@ -1112,7 +1112,10 @@
 #
 # @autoNumaBalancing:   The status of auto numa balancing function
 #
-# Since: 4.10.0
+# @selinuxEnforceMode:  The mode of enforcement of SELinux policies on the
+#                       host.
+#
+# Since: 4.15.0
 #
 # Notes: Since ovirt-engine cannot parse software versions in 'x.y.z' format,
 #        the current API truncates @software_version to 'x.y'.
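Review bot: The hunk replaces `# Since: 4.10.0` with `# Since: 4.15.0`, which re-dates the whole capabilities type instead of marking only the new field. The type-level line should stay at 4.10.0, with the version on the field itself, for example `(new in version 4.15.0)` at the end of the `@selinuxEnforceMode` description, if that matches the convention used elsewhere in this schema. The field description should also list the values a client will see, e.g. `-1 = disabled or unknown, 0 = permissive, 1 = enforcing`. Without that, an engine-side consumer cannot tell a non-enforcing host from one whose state could not be read.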
@@ -1134,7 +1137,8 @@
           'guestOverhead': 'uint', 'netConfigDirty': 'bool',
           'rngSources': ['VmRngDeviceSource'], 'numaNodes': 'NumaNodeMap',
           'numaNodeDistance': 'NumaNodeDistanceMap',
-          'autoNumaBalancing': 'AutoNumaBalancingStatus'}}
+          'autoNumaBalancing': 'AutoNumaBalancingStatus',
+          'selinuxEnforceMode': 'int'}}
 
 ##
 # @Host.getCapabilities:


-- 
To view, visit http://gerrit.ovirt.org/26951
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I98e0fcb71e831a76c4584bca46dc58fc4298180f
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Dima Kuznetsov <dkuzn...@redhat.com>