Bug 1664345 - tangd_t should NOT remain in permissive domain + tangd_t should be able to access an additional tcp port
Summary: tangd_t should NOT remain in permissive domain + tangd_t should be able to ac...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: selinux-policy
Version: 8.0
Hardware: All
OS: Linux
high
medium
Target Milestone: rc
: 8.0
Assignee: Lukas Vrabec
QA Contact: Milos Malik
Mirek Jahoda
URL:
Whiteboard:
Depends On: 1650909
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-01-08 14:20 UTC by Daniel Kopeček
Modified: 2019-06-14 01:03 UTC (History)
11 users (show)

Fixed In Version: selinux-policy-3.14.1-51.el8
Doc Type: Enhancement
Doc Text:
.`tangd_port_t` allows changes of the default port for Tang This update introduces the `tangd_port_t` SELinux type that allows the `tangd` service run as confined with SELinux enforcing mode. That change helps to simplify configuring a Tang server to listen on a user-defined port and it also preserves the security level provided by SELinux in enforcing mode. See the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/security_hardening/index#configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening[Configuring automated unlocking of encrypted volumes using policy-based decryption] section for more information.
Clone Of: 1650909
Environment:
Last Closed: 2019-06-14 01:03:30 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Comment 14 Daniel Kopeček 2019-01-14 09:32:03 UTC 
https://bugzilla.redhat.com/show_bug.cgi?id=1650909#c12
Comment 15 Lukas Vrabec 2019-01-14 11:34:06 UTC 
Mirek, 

We need to mention comment#11 in documentation for tangd.
Note You need to log in before you can comment on or make changes to this bug.