Actions
Bug #6283
closed
Katello ping controller executes init scripts
Difficulty:
medium
Triaged:
Yes
Bugzilla link:
Pull request:
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1105085
Model class app/models/katello/ping.rb executes /etc/init.d/katello-jobs. This is security concern.
I am allowing this in our SELinux policy for now, because katello-jobs service will be removed for GA and it will be replaced by dynflow engine. All other services are checked with their API, I expect the same for dynflow so no services are needed to be executed at all.
Please remove this exec for GA once dynflow engine replace katello-jobs. Once this task is done, please raise a BZ on SELinux component to remove the rules.
PM: Please waive this for GA not Beta.
Updated by Dominic Cleal over 10 years ago
- Blocks Refactor #6284: Remove Passenger/init_exec_script_files policy added
Updated by Eric Helms over 10 years ago
- Blocked by Refactor #6297: Remove katello-jobs added
Updated by Eric Helms over 10 years ago
- Target version set to 49
- Difficulty set to medium
- Triaged set to Yes
Updated by Christine Fouant over 10 years ago
- Status changed from New to Assigned
Updated by Ivan Necas over 10 years ago
- Assignee changed from Christine Fouant to Ivan Necas
Updated by Eric Helms over 10 years ago
- Pull request https://github.com/Katello/katello/pull/4564 added
- Pull request deleted (
)
Updated by Eric Helms over 10 years ago
- Status changed from Assigned to Ready For Testing
Updated by Eric Helms over 10 years ago
- Translation missing: en.field_release set to 13
Updated by Ivan Necas over 10 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset katello|b58a527ec655066f636213ac93143f3baef6e218.
Actions