Project

General

Profile

Feature #4464

Implement SELinux policy for smart-proxy

Added by Lukas Zapletal almost 7 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Urgent
Category:
Packaging
Target version:
Difficulty:
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Now the question is how deep we want to go. Smart proxy can be configured to spawn virsh via sudo and other stuff. I guess we should limit what is covered by the policy.

Associated revisions

Revision f4a857f6 (diff)
Added by Lukas Zapletal about 6 years ago

Fixes #4464 - policy for foreman-proxy

History

#1 Updated by Dominic Cleal almost 7 years ago

Agreed... the trouble is also that the proxy codebase is messy and it has a lot of ugly implementations. I think the policy should probably be very tunable depending on what type of work the proxy is configured for.

#2 Updated by Lukas Zapletal over 6 years ago

  • Priority changed from Normal to High

OSP guys rely on this feature, boosting priority: https://bugzilla.redhat.com/show_bug.cgi?id=1105154

#3 Updated by Lukas Zapletal over 6 years ago

  • Target version set to 1.7.5

#4 Updated by Lukas Zapletal over 6 years ago

  • Status changed from New to Assigned
  • Assignee set to Lukas Zapletal
  • Priority changed from High to Urgent

Yup, it's official. I started works on the foreman-proxy policy.

#5 Updated by The Foreman Bot over 6 years ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/smart-proxy/pull/201 added
  • Pull request deleted ()

#6 Updated by Dominic Cleal over 6 years ago

  • Status changed from Ready For Testing to Assigned

#7 Updated by Dmitri Dolguikh over 6 years ago

  • Target version changed from 1.7.5 to 1.7.4

#8 Updated by The Foreman Bot over 6 years ago

  • Status changed from Assigned to Ready For Testing

#9 Updated by Dmitri Dolguikh about 6 years ago

  • Target version changed from 1.7.4 to 1.7.3

#10 Updated by Dominic Cleal about 6 years ago

  • Target version changed from 1.7.3 to 1.7.2

#11 Updated by Dominic Cleal about 6 years ago

  • Legacy Backlogs Release (now unused) set to 28

#12 Updated by Anonymous about 6 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

Also available in: Atom PDF