Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Granted more access to certificates directory for CFEngine components in SELinux policy #5648

Merged
merged 1 commit into from
Dec 3, 2024
Merged

Granted more access to certificates directory for CFEngine components in SELinux policy #5648

merged 1 commit into from
Dec 3, 2024

Conversation

craigcomstock
Copy link
Contributor

@craigcomstock craigcomstock commented Dec 3, 2024
edited
Loading

Were found to be needed in 3.21.6a and 3.24.1a testing on rhel-9 hubs.
Policy works on rhel-8 as well.

Ticket: ENT-12466
Changelog: title

This was referenced Dec 3, 2024
Merged
Merged
nickanderson
nickanderson previously approved these changes Dec 3, 2024
View reviewed changes
@craigcomstock
Copy link
Contributor Author

Same issues were observed in 3.24.1a on rhel-9.
These policies can compile and be loaded on rhel-8 as well even though the AVCs don't occur there.

@craigcomstock craigcomstock changed the title Added read and open access for cert_t:dir to httpd, postgres and cf-hub Added read and open access for cert_t:dir to httpd, postgres, cf-hub and cf-reactor Dec 3, 2024
@craigcomstock
Granted more access to certificates directory for CFEngine components…
3741e3d 
… in SELinux policy

Were found to be needed in 3.21.6a and 3.24.1a testing on rhel-9 hubs.
Policy works on rhel-8 as well.

Ticket: ENT-12466
Changelog: title
@craigcomstock craigcomstock changed the title Added read and open access for cert_t:dir to httpd, postgres, cf-hub and cf-reactor Granted more access to certificates directory for CFEngine components in SELinux policy Dec 3, 2024
@craigcomstock craigcomstock merged commit 50afb6f into cfengine:master Dec 3, 2024
12 checks passed
@craigcomstock craigcomstock deleted the ENT-12466-4/master branch December 3, 2024 18:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nickanderson nickanderson nickanderson approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@craigcomstock @nickanderson