Bug #19457

Qrouterd is running unconfined

Added by Lukas Zapletal about 2 years ago. Updated 11 months ago.

Status: New
Priority: Normal
Assignee: -
Category: SElinux
Target version:
Difficulty:
Triaged: Yes
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

We need to add a policy to it. Maybe we can simply reuse the qpid policy from RHEL with a few changes. There is an option to make this a work item for the RHEL platform team, but in any case we need to add ports 5671-5672 into the qrouterd policy, since these are nonstandard AMQP port numbers we use on both Foreman and Proxy.

Attachment: qdrouterd_selinux.tar.gz (49.1 KB), Draft qdrouterd Selinux policy (needs more testing), Jerone Young, 06/11/2017 03:17 PM

History

#1 Updated by Justin Sherrill about 2 years ago

  • Legacy Backlogs Release (now unused) set to 114

#2 Updated by Jerone Young about 2 years ago

To add: I created a policy for qrouterd that isn't fully tested but might help get this going. It was created for capsule servers.

Doesn't look like the qpidd policy can be reused for this case.

This has mainly just been tested with Capsule servers.

Though it does need network ports:
5646 & 5647

For a capsule server.

I've attached what I did as more of an example that can help get things going.
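
An added example (not from this ticket or the attached draft policy): a shell check that reports which SELinux domain a daemon runs in and whether a TCP port already carries a specific port type, run here over constructed `ps -eZ` and `semanage port -l` output. The function names and the list of domains treated as unconfined are assumptions of this example.

```shell
#!/bin/sh
# Added example: confinement audit sketch, not the project's own code.
# Constructed sample of `ps -eZ` output (label, pid, tty, time, command).
SAMPLE_PS='LABEL                             PID TTY          TIME CMD
system_u:system_r:qpidd_t:s0     1201 ?        00:00:07 qpidd
system_u:system_r:unconfined_service_t:s0 1320 ? 00:00:03 qdrouterd
system_u:system_r:httpd_t:s0     1410 ?        00:00:11 httpd'
# Constructed sample of `semanage port -l` output (type, protocol, ports).
SAMPLE_PORTS='amqp_port_t                    tcp      15672, 5671-5672
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
unreserved_port_t              tcp      61001-65535, 1024-32767'

# Print the SELinux domain (third field of the label) of a named process.
proc_domain() {   # $1 = ps -eZ text, $2 = command name
    printf '%s\n' "$1" | awk -v cmd="$2" \
        '$NF == cmd { split($1, ctx, ":"); print ctx[3]; exit }'
}

# Assumption: domains a daemon ends up in when no policy module confines it.
is_unconfined() {
    case "$1" in
        unconfined_service_t|unconfined_t|initrc_t) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the specific port type covering a TCP port; print nothing when only
# the generic reserved/unreserved/ephemeral ranges cover it.
port_type() {     # $1 = semanage port -l text, $2 = port number
    printf '%s\n' "$1" | awk -v p="$2" '
        $2 == "tcp" && $1 !~ /(reserved|ephemeral)_port_t$/ {
            for (i = 3; i <= NF; i++) {
                r = $i; gsub(/,/, "", r)
                n = split(r, b, "-"); lo = b[1] + 0; hi = (n == 2 ? b[2] : b[1]) + 0
                if (p + 0 >= lo && p + 0 <= hi) { print $1; exit }
            }
        }'
}

# On a live host: proc_domain "$(ps -eZ)" qdrouterd; port_type "$(semanage port -l)" 5647
dom=$(proc_domain "$SAMPLE_PS" qdrouterd)
is_unconfined "$dom" && echo "qdrouterd runs in $dom (no confining policy loaded)"
for p in 5646 5647 5671 5672; do
    echo "tcp/$p -> $(port_type "$SAMPLE_PORTS" "$p")"
done
```

A port that prints no type here would need a port label that the daemon's policy allows it to bind before the service can listen on it once confined.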
