Bug 472609
| Field | Value |
|---|---|
| Summary | cimserver process requires "kill" access when PEGASUS_ENABLE_PRIVILEGE_SEPARATION enabled |
| Product | Red Hat Enterprise Linux 5 |
| Component | tog-pegasus |
| Version | 5.0 |
| Hardware | All |
| OS | Linux |
| Status | CLOSED WONTFIX |
| Severity | medium |
| Priority | medium |
| Reporter | Denise Eckstein <denise.eckstein> |
| Assignee | Vitezslav Crhonek <vcrhonek> |
| QA Contact | BaseOS QE <qe-baseos-auto> |
| Doc Type | Bug Fix |
| Last Closed | 2009-03-05 16:33:57 UTC |

Description
Denise Eckstein
2008-11-22 00:49:18 UTC
Because PEGASUS_ENABLE_PRIVILEGE_SEPARATION is disabled in tog-pegasus shipped in RHEL, we won't change the default policy to give cimserver kill access. Please consider building your own SELinux module:
http://magazine.redhat.com/2007/08/21/a-step-by-step-guide-to-building-a-new-selinux-policy-module/

Put this into the new module to give cimserver the desired access:

```
#============= pegasus_t ==============
allow pegasus_t self:capability kill;
```

Thanks for the pointer. Using our own SELinux module would definitely make support for SELinux easier.

Thanks,
Denise
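
The module suggested in the comment above, written out as a complete local policy module with its build and load steps. This is an added example, not part of the original bug report or the tog-pegasus package; the module name `pegasus_kill` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: local policy module carrying the single rule from this bug.
# MODULE is a hypothetical name; pick any name not already loaded.
MODULE=pegasus_kill

# Write the type-enforcement source. The require block declares the
# existing type and permission that the allow rule refers to.
write_te() {
    cat > "$1/$MODULE.te" <<EOF
module $MODULE 1.0;

require {
    type pegasus_t;
    class capability kill;
}

#============= pegasus_t ==============
allow pegasus_t self:capability kill;
EOF
}

# Count allow rules in the source, so a review can confirm the module
# grants exactly one permission before it is loaded.
count_allow_rules() {
    grep -c '^allow ' "$1/$MODULE.te"
}

# Compile, package and load the module (needs root and the SELinux
# policy tools: checkmodule, semodule_package, semodule).
build_and_load() {
    dir=$1
    checkmodule -M -m -o "$dir/$MODULE.mod" "$dir/$MODULE.te" &&
    semodule_package -o "$dir/$MODULE.pp" -m "$dir/$MODULE.mod" &&
    semodule -i "$dir/$MODULE.pp"
}

# Run as "sh script.sh install" to build and load; with no argument the
# script only defines the functions.
if [ "${1:-}" = "install" ]; then
    workdir=$(mktemp -d) || exit 1
    write_te "$workdir" &&
        [ "$(count_allow_rules "$workdir")" -eq 1 ] &&
        build_and_load "$workdir"
fi
```

The module grants only `kill` on `pegasus_t`'s own capability class, so removing it later with `semodule -r pegasus_kill` returns the domain to the shipped policy.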