Bug 1664345

Summary: tangd_t should NOT remain in permissive domain + tangd_t should be able to access an additional tcp port
Product: Red Hat Enterprise Linux 8
Reporter: Daniel Kopeček <dkopecek>
Component: selinux-policy
Assignee: Lukas Vrabec <lvrabec>
Status: CLOSED CURRENTRELEASE
QA Contact: Milos Malik <mmalik>
Severity: medium
Docs Contact: Mirek Jahoda <mjahoda>
Priority: high
Version: 8.0
CC: dapospis, igkioka, lvrabec, mjahoda, mmalik, mthacker, mzeleny, plautrba, ssekidde, tomek, zpytela
Target Milestone: rc
Keywords: EasyFix, FutureFeature, SELinux
Target Release: 8.0
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: selinux-policy-3.14.1-51.el8
Doc Type: Enhancement
Doc Text:
.`tangd_port_t` allows changes of the default port for Tang
This update introduces the `tangd_port_t` SELinux type, which allows the `tangd` service to run as confined with SELinux in enforcing mode. This change helps to simplify configuring a Tang server to listen on a user-defined port, and it also preserves the security level provided by SELinux in enforcing mode. See the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/security_hardening/index#configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening[Configuring automated unlocking of encrypted volumes using policy-based decryption] section for more information.
Story Points: ---
Clone Of: 1650909
Environment:
Last Closed: 2019-06-14 01:03:30 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1650909
Bug Blocks:

Comment 15 Lukas Vrabec 2019-01-14 11:34:06 UTC
Mirek, 

We need to mention comment#11 in documentation for tangd.