Bug 874745

Summary: [SELinux] [RFE] [RHGS] Red Hat Storage daemons need SELinux confinement
Product: [Red Hat Storage] Red Hat Gluster Storage Reporter: David Egts <degts>
Component: glusterdAssignee: Bug Updates Notification Mailing List <rhs-bugs>
Status: CLOSED ERRATA QA Contact: Prasanth <pprakash>
Severity: urgent Docs Contact:
Priority: medium    
Version: 2.0CC: bbuckley, bmohanra, ghelleks, howey.vernon, pprakash, rcyriac, rhs-bugs, sdharane, sgraf, vagarwal, vbellur
Target Milestone: ---Keywords: FutureFeature
Target Release: RHGS 3.1.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: glusterfs-3.7.1-8 Doc Type: Enhancement
Doc Text:
With this release of Red Hat Gluster Storage, SELinux is enabled. This enforces mandatory access-control policies for user programs and system services. This limits the privilege of the user programs and system services to the minimum required, thereby reducing or eliminating their ability to cause harm.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-07-29 04:28:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 852266, 874597    
Bug Blocks: 858940, 1202842, 1212796    

Description David Egts 2012-11-08 18:45:45 UTC 
Description of problem:

Red Hat Storage daemons are not confined by SELinux policy.  As such, a security vulnerability in a RHS daemon could compromize the entire server and give it the opportunity to take over other RHS servers and clients and compromize other systems.

Version-Release number of selected component (if applicable): 2.0

How reproducible: 100%

Additional info: This BZ depends upon BZ874597.
Comment 2 Brian Foster 2014-03-12 13:14:31 UTC 
*** Bug 852266 has been marked as a duplicate of this bug. ***
Comment 8 Vivek Agarwal 2015-07-27 11:21:13 UTC 
Looks good to me
Comment 9 Prasanth 2015-07-27 17:41:16 UTC 
SELinux support is made available from RHGS-3.1 release and as a result SELinux is set to ENFORCING by default in any fresh install of RHGS.

Hence, marking this BZ as Verified.
Comment 11 errata-xmlrpc 2015-07-29 04:28:01 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-1495.html