Add answerfile SELinux mode option #61
Conversation
Signed-off-by: Lucas Gracioso <[email protected]>
Signed-off-by: Lucas Gracioso <[email protected]>
|
|
Ok for adding the option to change, but adding the option requires that SELinux actually works. It should also include the SELinux policies for all the packages that the system installs, so finally you could add a switch to enable it. For now this one is incomplete. |
Signed-off-by: Lucas Gracioso <[email protected]>
Signed-off-by: Lucas Gracioso <[email protected]>
|
@viniciusferrao Please check it again. |
| @@ -169,6 +169,19 @@ void AnswerFile::loadHostnameSettings() | |||
| = m_ini.getValue("hostname", "domain_name", false, false); | |||
| } | |||
|
|
|||
| Cluster::SELinuxMode AnswerFile::checkSELinuxMode(const std::string& mode) | |||
| { | |||
There was a problem hiding this comment.
This should be a switch case statement.
| return Cluster::SELinuxMode::Enforcing; | ||
| } else if (mode == "permissive") { | ||
| return Cluster::SELinuxMode::Permissive; | ||
| } else if (mode == "disabled") { |
There was a problem hiding this comment.
We should have a method to ignore case when comparing strings. It will avoid bugs where the user selects Disabled and disabled. That should not be an issue in a TUI interface, but on an answerfile it is.
| // SELinux policies | ||
| if (getSELinux() != SELinuxMode::Disabled) { | ||
| SELinux SELinuxConfigurer; | ||
| SELinuxConfigurer.configureProvisioner(getProvisioner()); |
There was a problem hiding this comment.
Configurer is a very bad word. Usually the term used is Setup.
| @@ -6,6 +6,7 @@ | |||
| #ifndef CLOYSTERHPC_ANSWERFILE_H_ | |||
| #define CLOYSTERHPC_ANSWERFILE_H_ | |||
|
|
|||
| #include "cluster.h" | |||
| #ifndef CLOYSTERHPC_SELINUX_H_ | ||
| #define CLOYSTERHPC_SELINUX_H_ | ||
|
|
||
| #include "cloysterhpc/cluster.h" |
| @@ -20,6 +20,7 @@ | |||
| #include <regex> | |||
|
|
|||
| #ifndef NDEBUG | |||
| #include "cloysterhpc/selinux/selinux.h" | |||
There was a problem hiding this comment.
IDE did it when included. I'll change.
| "restorecon -R /install && " | ||
| "rm -rf /root/xCAT-httpd-read-tftpdir*"; | ||
|
|
||
| cloyster::runCommand(combinedCommands); |
There was a problem hiding this comment.
Does this work? && is a shell thing.
There was a problem hiding this comment.
Whats wrong with it?
| cloyster::setFilePermissions(file); | ||
|
|
||
| // Install SELinux policy file for xCAT | ||
| std::string combinedCommands |
| void SELinux::configurexCATPolicyFile() | ||
| { | ||
| // Create SELinux policy file for xCAT | ||
| const std::string file = "/root/xCAT-httpd-read-tftpdir.te"; |
There was a problem hiding this comment.
Do we have a /opt/cloysterhpc directory right? We should use it instead of /root.
| cloyster::runCommand(combinedCommands); | ||
| } | ||
|
|
||
| void SELinux::configurexCATrsyncPolicyFile() |
There was a problem hiding this comment.
I really dislike this naming, it looks like procedural code. Because the function name is too long and too specific it's looks like a function, and not a method in the way we refer in OOP.
To be clear, the issue isn't exactly the name, the name is the result of the issue. That's not done as an OOP code.
|
This project should be discussed in a audio call in order to fix some doubts and troubles. When possible, please contact me and let's call. |
This PR gives the user the ability to select a SELinux mode on the headnode.