Bug #30465: Pulpcore services run unconfined in SELinux - Installer - Foreman

Actions

Copy link

Bug #30465

closed

Pulpcore services run unconfined in SELinux

Added by Ewoud Kohl van Wijngaarden over 4 years ago. Updated about 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Ewoud Kohl van Wijngaarden

Category:

Foreman modules

Target version:

Foreman - 2.3.0

Difficulty:

Triaged:

Yes

Bugzilla link:

Pull request:

https://github.com/theforeman/puppet-pulpcore/pull/116

Fixed in Releases:

Foreman - 2.3.0

Found in Releases:

Foreman - 2.0.1, Foreman - 2.1.0

Red Hat JIRA:

Description

Currently the services run unconfined because pulpcore-selinux only labels /usr/{local,lib/pulp}/bin/{gunicorn,rq} but RPM packages install to /usr/bin/{gunicorn,rq}. Labelling those with pulpcore_exec_t feels incorrect so I'm suggesting to introduce /usr/libexec/pulpcore/{gunicorn,rq} wrappers with the correct SELinux labels.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Foreman » Installer

Custom queries

Bug #30465

Pulpcore services run unconfined in SELinux

Updated by The Foreman Bot over 4 years ago

Updated by Ewoud Kohl van Wijngaarden over 4 years ago

Updated by Eric Helms over 4 years ago

Updated by Ewoud Kohl van Wijngaarden about 4 years ago

Updated by Tomer Brisker about 4 years ago