On Mon, Sep 5, 2011 at 11:24 AM, Mark McLoughlin <markmc@xxxxxxxxxx> wrote: > On Fri, 2011-09-02 at 07:18 +0100, Mark McLoughlin wrote: >> On Thu, 2011-09-01 at 09:54 -0700, Robyn Bergeron wrote: > >> > * Features need to be at 100% by 9/13 - is SELinux assistance the only >> > thing holding this back from being at 100%? >> >> Yes, that's probably the biggest issue. Dan Walsh has already written >> some policy for glance, though, so I fully expect policy for Nova to >> magically appear soon :) > > Actually, the situation isn't as bad as I thought - the "getting > started" howto appears to work just fine with SELinux enabled. > > With selinux-policy-3.10.0-23.fc16.noarch installed, the glance daemons > are confined to their own domains and the howto works without any AVC > denials. > > It would be nice to have SELinux policy to confine Nova for F-16, but at > the moment in runs just fine in the unconfined initrc_t domain ... so > it's hardly a blocker. Sounds good. NTH, indeed :) FYI that I filed the ticket with FESCo; they meet today, and I'm guessing there is no meeting, as most of the US folks are on holiday. https://fedorahosted.org/fesco/ticket/665 > > Cheers, > Mark. > > _______________________________________________ > cloud mailing list > cloud@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/cloud > _______________________________________________ cloud mailing list cloud@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/cloud
