Refactor #5877

closed

Introduce foreman_t domain

Added by Lukas Zapletal almost 10 years ago. Updated over 1 year ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Target version: -
Difficulty:
Triaged: No
Fixed in Releases:
Found in Releases:

Description

Since Passenger 4.0, which allows us to change the context of running apps, is now both upstream and downstream, we should refactor our policy:

- introduce passenger wrapper scripts for foreman (and katello?)
- move foreman rules from passenger_t to the foreman_t
- review httpd_t domain and rules (do we need it?)
- tighten things up and do cleanup

Actions #1

Updated by Lukas Zapletal almost 10 years ago

Also, there is one block, "passenger_run_puppetmaster", which we can refactor or get rid of only after we migrate foreman into a separate domain and are able to determine which of these rules are required by foreman and which of these can go away.

It would be good to work with the SELinux team to create rules in the base puppet policy (optional, by default turned off because it does not use passenger by default). But that would be a better place to carry those.

Actions #2

Updated by Ewoud Kohl van Wijngaarden over 1 year ago

This is very old and we have a foreman_rails_t domain now. Is this still needed or can it be closed?

Actions #3

Updated by Lukas Zapletal over 1 year ago

  • Status changed from New to Closed

Yeah, feel free to close; there will probably be more of these "ideas" that got implemented along the way.
