diff --git a/files/osa_swift.te b/files/osa_swift.te
deleted file mode 100644
index 3ca1df6a..00000000
--- a/files/osa_swift.te
+++ /dev/null
@@ -1,36 +0,0 @@
-# Copyright 2017, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-module osa_swift 1.0;
-
-require {
- type sshd_t;
- type swift_data_t;
- type syslogd_t;
- type default_t;
- type postfix_local_t;
- class file { getattr open read };
- class dir { search write };
-}
-
-#============= postfix_local_t ==============
-allow postfix_local_t swift_data_t:dir search;
-
-#============= sshd_t ==============
-allow sshd_t swift_data_t:file { getattr open read };
-
-#============= syslogd_t ==============
-
-#!!!! WARNING: 'default_t' is a base type.
-allow syslogd_t default_t:dir write;
-
diff --git a/tasks/swift_rings.yml b/tasks/swift_rings.yml
index cee57c58..2b207ea4 100644
--- a/tasks/swift_rings.yml
+++ b/tasks/swift_rings.yml
@@ -13,10 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-- include_tasks: swift_rings_selinux.yml
- when:
- - ansible_selinux.status == "enabled"
-
 - include_tasks: swift_rings_md5sum.yml

 - include_tasks: swift_rings_check.yml
diff --git a/tasks/swift_rings_selinux.yml b/tasks/swift_rings_selinux.yml
deleted file mode 100644
index 659c6a61..00000000
--- a/tasks/swift_rings_selinux.yml
+++ /dev/null
@@ -1,45 +0,0 @@
----
-# Copyright 2017, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Create directory for compiling SELinux rule
- file:
- path: "/tmp/osa_swift-selinux/"
- state: 'directory'
- mode: '0755'
- when:
- - ansible_selinux.status == "enabled"
-
-- name: Drop SELinux config
- copy:
- src: "osa_swift.te"
- dest: "/tmp/osa_swift-selinux/osa_swift.te"
- owner: "root"
- group: "root"
- mode: "0755"
- when:
- - ansible_selinux.status == "enabled"
-
-- name: Compile and load SELinux module
- command: '{{ item }}'
- args:
- creates: '/etc/selinux/targeted/active/modules/400//osa_swift/cil'
- chdir: "/tmp/osa_swift-selinux/"
- with_items:
- - make -f /usr/share/selinux/devel/Makefile
- - semodule -i /tmp/osa_swift-selinux/osa_swift.pp
- when:
- - ansible_selinux.status == "enabled"
-
-
diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml
index 7e06d81c..316af44a 100644
--- a/vars/redhat-7.yml
+++ b/vars/redhat-7.yml
@@ -20,8 +20,6 @@ swift_distro_packages:
 - liberasurecode
 - liberasurecode-devel
 - libffi-devel
- - libselinux
- - libselinux-devel
 - openssh-server
 - python-keystoneclient # Keystoneclient needed to OSA keystone lib
 - python-devel