DevHeads.net

SELinux support for boltd service

Hi,

I saw several bugs where boltd daemon runs as unconfined_service_t. I
have prepared new SELinux module for it.

I'll push it to Fedora Rawhide and also Fedora 28 soon. This module will
be in permissive mode, which means policy for boltd won't be enforced by
kernel, just AVCs will be logged even if the whole system will be in
Enforcing state.

If you'll find some AVCs related to boltd, please use this bugzilla[1]
to report them.

[1] <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1607974" title="https://bugzilla.redhat.com/show_bug.cgi?id=1607974">https://bugzilla.redhat.com/show_bug.cgi?id=1607974</a>.

Thanks,
Lukas.