Project

General

Profile

Actions

Bug #19457

closed

Qrouterd is running unconfined

Added by Lukas Zapletal over 7 years ago. Updated over 1 year ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
SElinux
Target version:
Difficulty:
Triaged:
No
Fixed in Releases:
Found in Releases:

Description

We need to add a policy to it. Maybe we can simply reuse qpid policy from RHEL with few changes. There is an option to make this a work item for RHEL platform team, but in any case we need to add ports 5671-5672 into qrouterd policy since these are unstandard AMQP port numbers we use both on Foreman and Proxy.


Files

qdrouterd_selinux.tar.gz qdrouterd_selinux.tar.gz 49.1 KB Draft qdrouterd Selinux policy (needs more testing) Jerone Young, 06/11/2017 03:17 PM
Actions #1

Updated by Justin Sherrill over 7 years ago

  • Translation missing: en.field_release set to 114
Actions #2

Updated by Jerone Young over 7 years ago

To add. I created a policy for qrouterd that isn't fully tested by might help get this going. It was created for capsule servers.

Doesn't look like the qpidd policy can be reused for this case.

This has mainly just been tested with Capsule servers.

Though it does need network ports:
5646 & 5647

For a capsule server.

I've attached what I did as mores an example that can help get things going.

Actions #3

Updated by Ewoud Kohl van Wijngaarden over 1 year ago

  • Status changed from New to Rejected
  • Triaged set to No

qpid (and thus qdrouterd) is going away.

Actions

Also available in: Atom PDF