From d7967a4879d38d86e5d7b870ba5a140f8adc1061 Mon Sep 17 00:00:00 2001
From: Attila Fazekas <afazekas@redhat.com>
Date: Thu, 12 Jun 2014 11:41:54 +0200
Subject: [PATCH] selinux permissive on Fedora

The f20 gate job is failing on hpcloud images
(official F20 cloud image), with enforcing selinux.

Setting selinux to permissive on all Fedoras.

Currently selinux policies are violated, when
 - horizon/httpd tries to access a files without
httpd_t friendly security label.
 - horizon/httpd_t tries to connect to openstack
   service port, without an allowing policy.
 - swift tryes rsync content without an authorized
   security label and without rsync_full_access sebool.
 - ..

In permissive mode you will be able to track,
the missing policies and labels by checking
the /var/log/auidit/audit.log*

The enforcing mode might be turned on in the future,
when all label and policy configured correctly.

Change-Id: I6dad705dd11b9eb5f01ce67814f05d294b3979a5
---
 tools/fixup_stuff.sh | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index e6a6a79876..a410543c07 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -87,16 +87,18 @@ if [[ ${DISTRO} =~ (precise) ]]; then
 fi
 
 
-# RHEL6
-# -----
-
-if [[ $DISTRO =~ (rhel6) ]]; then
-
+if is_fedora; then
     # Disable selinux to avoid configuring to allow Apache access
     # to Horizon files (LP#1175444)
     if selinuxenabled; then
         sudo setenforce 0
     fi
+fi
+
+# RHEL6
+# -----
+
+if [[ $DISTRO =~ (rhel6) ]]; then
 
     # If the ``dbus`` package was installed by DevStack dependencies the
     # uuid may not be generated because the service was never started (PR#598200),