From bad3e9f393b649c82407e03db8ed6beec36699e4 Mon Sep 17 00:00:00 2001
From: Mohammed Naser
Date: Thu, 28 Jun 2018 12:58:01 -0400
Subject: [PATCH] Drop SELinux support from os_swift
The rules are not currently maintained, nor do we have the resources to maintain them. In addition, they most likely don't work in our integrated repos. For future, it would be best to depend on upstream packages for SELinux support such as `openstack-selinux`.
Change-Id: I6203b98a96a341ce52930ceeed609d9c118ae8b8
---
 files/osa_swift.te | 36 ----------------------------
 tasks/swift_rings.yml | 4 ----
 tasks/swift_rings_selinux.yml | 45 -----------------------------------
 vars/redhat-7.yml | 2 --
 4 files changed, 87 deletions(-)
 delete mode 100644 files/osa_swift.te
 delete mode 100644 tasks/swift_rings_selinux.yml
diff --git a/files/osa_swift.te b/files/osa_swift.te
deleted file mode 100644
index 3ca1df6a..00000000
--- a/files/osa_swift.te
+++ /dev/null
@@ -1,36 +0,0 @@
-# Copyright 2017, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-module osa_swift 1.0;
-
-require {
- type sshd_t;
- type swift_data_t;
- type syslogd_t;
- type default_t;
- type postfix_local_t;
- class file { getattr open read };
- class dir { search write };
-}
-
-#============= postfix_local_t ==============
-allow postfix_local_t swift_data_t:dir search;
-
-#============= sshd_t ==============
-allow sshd_t swift_data_t:file { getattr open read };
-
-#============= syslogd_t ==============
-
-#!!!! WARNING: 'default_t' is a base type.
-allow syslogd_t default_t:dir write;
-
diff --git a/tasks/swift_rings.yml b/tasks/swift_rings.yml
index cee57c58..2b207ea4 100644
--- a/tasks/swift_rings.yml
+++ b/tasks/swift_rings.yml
@@ -13,10 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-- include_tasks: swift_rings_selinux.yml
- when:
- - ansible_selinux.status == "enabled"
-
 - include_tasks: swift_rings_md5sum.yml
 - include_tasks: swift_rings_check.yml
diff --git a/tasks/swift_rings_selinux.yml b/tasks/swift_rings_selinux.yml
deleted file mode 100644
index 659c6a61..00000000
--- a/tasks/swift_rings_selinux.yml
+++ /dev/null
@@ -1,45 +0,0 @@
----
-# Copyright 2017, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Create directory for compiling SELinux rule
- file:
- path: "/tmp/osa_swift-selinux/"
- state: 'directory'
- mode: '0755'
- when:
- - ansible_selinux.status == "enabled"
-
-- name: Drop SELinux config
- copy:
- src: "osa_swift.te"
- dest: "/tmp/osa_swift-selinux/osa_swift.te"
- owner: "root"
- group: "root"
- mode: "0755"
- when:
- - ansible_selinux.status == "enabled"
-
-- name: Compile and load SELinux module
- command: '{{ item }}'
- args:
- creates: '/etc/selinux/targeted/active/modules/400//osa_swift/cil'
- chdir: "/tmp/osa_swift-selinux/"
- with_items:
- - make -f /usr/share/selinux/devel/Makefile
- - semodule -i /tmp/osa_swift-selinux/osa_swift.pp
- when:
- - ansible_selinux.status == "enabled"
-
-
diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml
index 7e06d81c..316af44a 100644
--- a/vars/redhat-7.yml
+++ b/vars/redhat-7.yml
@@ -20,8 +20,6 @@ swift_distro_packages:
 - liberasurecode
 - liberasurecode-devel
 - libffi-devel
- - libselinux
- - libselinux-devel
 - openssh-server
 - python-keystoneclient # Keystoneclient needed to OSA keystone lib
 - python-devel