Feature #4464
Implement SELinux policy for smart-proxy
Description
Now the question is how deep we want to go. Smart proxy can be configured to spawn virsh via sudo and other stuff. I guess we should limit what is covered by the policy.
Associated revisions
History
#1
Updated by Dominic Cleal over 8 years ago
Agreed... the trouble is also that the proxy codebase is messy and it has a lot of ugly implementations. I think the policy should probably be very tunable depending on what type of work the proxy is configured for.
#2
Updated by Lukas Zapletal about 8 years ago
- Priority changed from Normal to High
OSP guys rely on this feature, boosting priority: https://bugzilla.redhat.com/show_bug.cgi?id=1105154
#3
Updated by Lukas Zapletal about 8 years ago
- Target version set to 1.7.5
#4
Updated by Lukas Zapletal almost 8 years ago
- Status changed from New to Assigned
- Assignee set to Lukas Zapletal
- Priority changed from High to Urgent
Yup, it's official. I started works on the foreman-proxy policy.
#5
Updated by The Foreman Bot almost 8 years ago
- Status changed from Assigned to Ready For Testing
- Pull request https://github.com/theforeman/smart-proxy/pull/201 added
- Pull request deleted (
)
#6
Updated by Dominic Cleal almost 8 years ago
- Status changed from Ready For Testing to Assigned
#7
Updated by Dmitri Dolguikh almost 8 years ago
- Target version changed from 1.7.5 to 1.7.4
#8
Updated by The Foreman Bot almost 8 years ago
- Status changed from Assigned to Ready For Testing
#9
Updated by Dmitri Dolguikh almost 8 years ago
- Target version changed from 1.7.4 to 1.7.3
#10
Updated by Dominic Cleal almost 8 years ago
- Target version changed from 1.7.3 to 1.7.2
#11
Updated by Dominic Cleal over 7 years ago
- Legacy Backlogs Release (now unused) set to 28
#12
Updated by Anonymous over 7 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset f4a857f6005b4ed1183219b5ef1ac5f90ffd0a32.
Fixes #4464 - policy for foreman-proxy