1074384 – Beaker does not work with SELinux in enforcing mode

Bug 1074384 - Beaker does not work with SELinux in enforcing mode

Summary: Beaker does not work with SELinux in enforcing mode

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Beaker
Classification:	Retired
Component:	general
Sub Component:
Version:	0.15
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	beaker-dev-list
QA Contact:	tools-bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-03-10 04:26 UTC by Dan Callaghan
Modified:	2020-10-21 14:13 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-10-21 14:12:36 UTC
Embargoed:

Attachments	(Terms of Use)

Description Dan Callaghan 2014-03-10 04:26:48 UTC

In our docs we currently advise disabling SELinux on Beaker installations because it is known not to work in enforcing mode. Nobody ever wrote an SELinux policy module for Beaker.

Comment 1 Dan Callaghan 2014-03-10 04:28:52 UTC

The first step would be to run the test suite in Permissive mode and collect the AVC denials. We can craft a policy module based on those (audit2allow could help with that). The goal would be to enable Enforcing mode in the dogfood tests.

Then at some point in the future we may have enough confidence in the policy to update our docs not to recommend disabling SELinux.

Comment 3 Dan Callaghan 2015-05-06 03:24:22 UTC

(In reply to Dan Callaghan from comment #1)
> The first step would be to run the test suite in Permissive mode

I learnt at Devconf this year that that is actually not a good approach :-)

https://www.youtube.com/watch?v=zQcYXJkwTns

Note You need to log in before you can comment on or make changes to this bug.