Project

General

Custom queries

Profile

Actions

Feature #4464

closed

Implement SELinux policy for smart-proxy

Added by Lukas Zapletal about 11 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
Urgent
Category:
Packaging
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Now the question is how deep we want to go. Smart proxy can be configured to spawn virsh via sudo and other stuff. I guess we should limit what is covered by the policy.

Actions #1

Updated by Dominic Cleal about 11 years ago

Agreed... the trouble is also that the proxy codebase is messy and it has a lot of ugly implementations. I think the policy should probably be very tunable depending on what type of work the proxy is configured for.

Actions #2

Updated by Lukas Zapletal almost 11 years ago

  • Priority changed from Normal to High

OSP guys rely on this feature, boosting priority: https://bugzilla.redhat.com/show_bug.cgi?id=1105154

Actions #4

Updated by Lukas Zapletal over 10 years ago

  • Status changed from New to Assigned
  • Assignee set to Lukas Zapletal
  • Priority changed from High to Urgent

Yup, it's official. I started works on the foreman-proxy policy.

Actions #12

Updated by Anonymous over 10 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions

Also available in: Atom PDF