Project

General

Profile

Actions
Copy link

Bug #30465

closed

Pulpcore services run unconfined in SELinux

Added by Ewoud Kohl van Wijngaarden over 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ewoud Kohl van Wijngaarden
Category:
Foreman modules
Target version:
Foreman - 2.3.0
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
https://github.com/theforeman/puppet-pulpcore/pull/116
Fixed in Releases:
Foreman - 2.3.0
Found in Releases:
Foreman - 2.0.1, Foreman - 2.1.0
Red Hat JIRA:

Description

Currently the services run unconfined because pulpcore-selinux only labels /usr/{local,lib/pulp}/bin/{gunicorn,rq} but RPM packages install to /usr/bin/{gunicorn,rq}. Labelling those with pulpcore_exec_t feels incorrect so I'm suggesting to introduce /usr/libexec/pulpcore/{gunicorn,rq} wrappers with the correct SELinux labels.

Actions
Copy link
 #1

Updated by The Foreman Bot over 4 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Ewoud Kohl van Wijngaarden
  • Pull request https://github.com/theforeman/puppet-pulpcore/pull/116 added
Actions
Copy link
 #2

Updated by Ewoud Kohl van Wijngaarden over 4 years ago

  • Target version set to 2.2.0
  • Triaged changed from No to Yes
Actions
Copy link
 #3

Updated by Eric Helms over 4 years ago

  • Target version changed from 2.2.0 to 2.3.0
Actions
Copy link
 #4

Updated by Ewoud Kohl van Wijngaarden about 4 years ago

  • Status changed from Ready For Testing to Closed
Actions
Copy link
 #5

Updated by Tomer Brisker about 4 years ago

  • Fixed in Releases 2.3.0 added
Actions
Copy link

Also available in: Atom PDF