1664345 – tangd_t should NOT remain in permissive domain + tangd_t should be able to access an additional tcp port

Bug 1664345 - tangd_t should NOT remain in permissive domain + tangd_t should be able to access an additional tcp port

Summary: tangd_t should NOT remain in permissive domain + tangd_t should be able to ac...

Reported:	2019-01-08 14:20 UTC by Daniel Kopeček
Modified:	2019-06-14 01:03 UTC (History)
CC List:	11 users (show)
Fixed In Version:	selinux-policy-3.14.1-51.el8
Doc Type:	Enhancement
Doc Text:	.`tangd_port_t` allows changes of the default port for Tang This update introduces the `tangd_port_t` SELinux type that allows the `tangd` service run as confined with SELinux enforcing mode. That change helps to simplify configuring a Tang server to listen on a user-defined port and it also preserves the security level provided by SELinux in enforcing mode. See the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/security_hardening/index#configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_security-hardening[Configuring automated unlocking of encrypted volumes using policy-based decryption] section for more information.
Clone Of:	1650909
Environment:
Last Closed:	2019-06-14 01:03:30 UTC
Type:	Bug
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Comment 14 Daniel Kopeček 2019-01-14 09:32:03 UTC

https://bugzilla.redhat.com/show_bug.cgi?id=1650909#c12

Comment 15 Lukas Vrabec 2019-01-14 11:34:06 UTC

Mirek, 

We need to mention comment#11 in documentation for tangd.

Note You need to log in before you can comment on or make changes to this bug.