DevHeads.net

SELinux support for boltd service

Hi,

I saw several bugs where the boltd daemon runs as unconfined_service_t. I
have prepared a new SELinux module for it.

I'll push it to Fedora Rawhide and also Fedora 28 soon. This module will
be in permissive mode, which means the policy for boltd won't be enforced by
the kernel; AVCs will just be logged, even if the whole system is in the
Enforcing state.

If you find any AVCs related to boltd, please use this bugzilla[1]
to report them.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1607974

Thanks,
Lukas.
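
An added example, not part of the original post: one way to pull boltd-related AVC records out of audit log text and tell from the `permissive=` field whether an access was only logged or actually blocked. The `boltd_t` type name, the helper names and the sample log lines are assumptions constructed for illustration.

```python
import re

# Constructed sample audit records, not taken from a real system. The domain
# type name boltd_t is an assumption; the post only names the boltd daemon.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1533712921.101:412): avc:  denied  { read } for  pid=1201 comm="boltd" name="uevent" dev="sysfs" ino=23456 scontext=system_u:system_r:boltd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1533712925.330:415): avc:  denied  { write } for  pid=1201 comm="boltd" name="boltd" dev="dm-0" ino=98765 scontext=system_u:system_r:boltd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1533712930.007:420): avc:  denied  { open } for  pid=2210 comm="httpd" path="/srv/data" dev="dm-0" ino=555 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1533712930.007:420): arch=c000003e syscall=257 success=no exit=-13 comm="httpd"
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+'
    r'tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?'
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context, or None."""
    fields = context.split(":")
    return fields[2] if len(fields) >= 3 else None

def domain_denials(log_text, domain="boltd_t"):
    """Collect AVC denials whose source (process) type is `domain`."""
    denials = []
    for line in log_text.splitlines():
        match = AVC_RE.search(line) if line.startswith("type=AVC") else None
        if not match or selinux_type(match.group("scontext")) != domain:
            continue
        denials.append({
            "perms": match.group("perms").split(),
            "target_type": selinux_type(match.group("tcontext")),
            "tclass": match.group("tclass"),
            # permissive=1: logged but allowed; permissive=0: really blocked.
            # None when the kernel did not emit the field.
            "blocked": {"0": True, "1": False}.get(match.group("permissive")),
        })
    return denials

if __name__ == "__main__":
    for d in domain_denials(SAMPLE_AUDIT_LOG):
        state = {True: "blocked", False: "logged only", None: "unknown"}[d["blocked"]]
        print(f'boltd_t -> {d["target_type"]}:{d["tclass"]} '
              f'{{ {" ".join(d["perms"])} }} ({state})')
```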

Comments

Re: SELinux support for boltd service

By Lukas Vrabec at 08/08/2018 - 00:42

Hi All,

Adding builds with boltd SELinux support.

Fedora 28:
https://koji.fedoraproject.org/koji/buildinfo?buildID=1134436

Fedora Rawhide:
https://koji.fedoraproject.org/koji/buildinfo?buildID=1134361

Please report SELinux denials here:
https://bugzilla.redhat.com/show_bug.cgi?id=1607974

Thanks,
Lukas.

On 08/07/2018 11:19 AM, Lukas Vrabec wrote:

Re: SELinux support for boltd service

By Christian Kellner at 08/07/2018 - 07:17

Hi,

thanks for doing that, it is very much appreciated!

Cheers,
CK