Red Hat Bugzilla – Bug 1477609
RFE: Provide sebooleans for PCP PMDAs
Last modified: 2017-08-23 10:11:40 EDT
Description of problem:
There's been great efforts in upstream to provide SELinux compatibility for PCP PMDAs. However, the current approach is all-or-nothing meaning that installing pcp-selinux will drop SELinux protections for any supported PMDA even if none or only one is needed.
It would be nice if SELinux booleans would be available to control the SELinux / PMDA restrictions, on SELinux-enabled systems PMDA Install/Remove scripts could transparently enable/disable these (and on non-SELinux ignore them). This would make the system more secure by not allowing access from pmcd to any other component except for which have been enabled by the administrator.