Bug 1477609 - RFE: Provide sebooleans for PCP PMDAs
RFE: Provide sebooleans for PCP PMDAs
Status: NEW
Product: Fedora
Classification: Fedora
Component: pcp (Show other bugs)
rawhide
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Lukas Berk
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-08-02 09:14 EDT by Marko Myllynen
Modified: 2017-08-23 10:11 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Marko Myllynen 2017-08-02 09:14:57 EDT
Description of problem:
There's been great efforts in upstream to provide SELinux compatibility for PCP PMDAs. However, the current approach is all-or-nothing meaning that installing pcp-selinux will drop SELinux protections for any supported PMDA even if none or only one is needed.

It would be nice if SELinux booleans would be available to control the SELinux / PMDA restrictions, on SELinux-enabled systems PMDA Install/Remove scripts could transparently enable/disable these (and on non-SELinux ignore them). This would make the system more secure by not allowing access from pmcd to any other component except for which have been enabled by the administrator.

Thanks.

Note You need to log in before you can comment on or make changes to this bug.