OpenStack-Ansible

Security role should look for unlabeled devices

Bug #1584196 reported by Major Hayden
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack-Ansible
Fix Released
Wishlist
Major Hayden

Bug Description

V-51379 requires that no unlabeled devices exist on the system. This doesn't apply for AppArmor, so it was skipped in Ubuntu. However, these devices ought to be checked in CentOS.

Tags: security
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-security (master)

Fix proposed to branch: master
Review: https://review.openstack.org/319448

Changed in openstack-ansible:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-security (master)

Reviewed: https://review.openstack.org/319448
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-security/commit/?id=bf28fdfe90fe5a16c57f5c4c18cff9510bed2423
Submitter: Jenkins
Branch: master

commit bf28fdfe90fe5a16c57f5c4c18cff9510bed2423
Author: Major Hayden <email address hidden>
Date: Wed Jun 1 13:22:12 2016 -0500

    Search for unlabeled device files

    The checks for V-51379 didn't apply for Ubuntu and they were
    unintentionally skipped in CentOS after the multi-distro work
    was completed.

    This patch adds a search for unlabeled device files on CentOS 7 systems
    and halts the playbook if an unlabeled device is found. This is a very
    rare occurrence.

    Documentation updates and release notes are provided.

    Closes-bug: 1584196

    Change-Id: Iba4be3bc5fa607685e3b4eeefda35f93894c7f28

Changed in openstack-ansible:
status: In Progress → Fix Released
Revision history for this message
Thierry Carrez (ttx) wrote : Fix included in openstack/openstack-ansible-security 14.0.0.0b1

This issue was fixed in the openstack/openstack-ansible-security 14.0.0.0b1 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.