Dima Kuznetsov has posted comments on this change.

Change subject: caps: Add selinux enforcement reporting.
......................................................................


Patch Set 4:

(3 comments)

http://gerrit.ovirt.org/#/c/26951/4/lib/vdsm/utils.py
File lib/vdsm/utils.py:

Line 1270:     def prependDefer(self, func, *args, **kwargs):
Line 1271:         self._finally.insert(0, (func, args, kwargs))
Line 1272: 
Line 1273: 
Line 1274: def getSELinuxEnforceMode():
> vdsm.utils is intended for general-purpose utility functions, that are expe
Ok, will move back to caps.
Line 1275:     """
Line 1276:     Returns the SELinux mode as reported by kernel.
Line 1277: 
Line 1278:     1 = enforcing - SELinux security policy is enforced.


http://gerrit.ovirt.org/#/c/26951/4/vdsm/caps.py
File vdsm/caps.py:

Line 391: 
Line 392: 
Line 393: def _getSELinux():
Line 394:     selinux = dict()
Line 395:     selinux['mode'] = str(utils.getSELinuxEnforceMode())
> why not report it as an int?
All the int values that are part of the response are converted to string:

 caps['cpuThreads'] = str(cpuTopology.threads())
 caps['cpuSockets'] = str(cpuTopology.sockets())
Line 396: 
Line 397:     return selinux
Line 398: 
Line 399: 


Line 393: def _getSELinux():
Line 394:     selinux = dict()
Line 395:     selinux['mode'] = str(utils.getSELinuxEnforceMode())
Line 396: 
Line 397:     return selinux
> Why are you using another level of a dictionary? Do you have plans to repot
I think an additional level is a good idea because it'd allow us to add more 
SELinux info later. And mode is a pretty standard name for enforcement mode; 
sestatus reports it just as 'mode':

 $ sestatus
 SELinux status:                 enabled
 SELinuxfs mount:                /sys/fs/selinux
 SELinux root directory:         /etc/selinux
 Loaded policy name:             targeted
 Current mode:                   enforcing
 Mode from config file:          enforcing
 Policy MLS status:              enabled
 Policy deny_unknown status:     allowed
 Max kernel policy version:      28

About future plans, some of these have no use being reported like the 
mount-point, but maybe some day engine would like to know if there is a 
difference between configured and actual mode, or the current policy running.
Line 398: 
Line 399: 
Line 400: def get():
Line 401:     targetArch = getTargetArch()


-- 
To view, visit http://gerrit.ovirt.org/26951
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I98e0fcb71e831a76c4584bca46dc58fc4298180f
Gerrit-PatchSet: 4
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Dima Kuznetsov <[email protected]>
Gerrit-Reviewer: Dan Kenigsberg <[email protected]>
Gerrit-Reviewer: Dima Kuznetsov <[email protected]>
Gerrit-Reviewer: Douglas Schilling Landgraf <[email protected]>
Gerrit-Reviewer: Yaniv Bronhaim <[email protected]>
Gerrit-Reviewer: [email protected]
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
_______________________________________________
vdsm-patches mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
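
The difference between configured and actual mode raised in the reply above, as an added example that is not part of the original message or of the vdsm code: it parses the quoted sestatus output into a nested, string-valued dictionary and flags a mismatch. The function names and the report keys other than 'mode' are assumptions, and 'mode' here carries the sestatus name rather than the integer the patch reports.

```python
# sestatus output as quoted in the message above, embedded so this runs offline.
SESTATUS_SAMPLE = """\
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28
"""


def parse_sestatus(text):
    """Turn 'Label:   value' lines of sestatus output into a dict."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(':')
        if sep and value.strip():
            fields[label.strip()] = value.strip()
    return fields


def selinux_report(text):
    """Build a nested, string-valued report (key names are hypothetical)."""
    fields = parse_sestatus(text)
    if fields.get('SELinux status') != 'enabled':
        # With SELinux off, sestatus prints only the status line.
        return {'mode': 'disabled'}
    mode = fields.get('Current mode', 'unknown')
    config_mode = fields.get('Mode from config file', 'unknown')
    return {
        'mode': mode,
        'configMode': config_mode,
        'policy': fields.get('Loaded policy name', 'unknown'),
        # A runtime mode change leaves the config file untouched, so the
        # kernel's mode and the configured mode can differ; report that.
        'modeDrift': str(mode != config_mode).lower(),
    }


if __name__ == '__main__':
    print(selinux_report(SESTATUS_SAMPLE))
```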
