2158402 – SELinux policy (daemons) changes required for package: synce4l in RHEL 9.0.0

Bug 2158402 - SELinux policy (daemons) changes required for package: synce4l in RHEL 9.0.0

Summary: SELinux policy (daemons) changes required for package: synce4l in RHEL 9.0.0

Keywords:
Status:	CLOSED DEFERRED
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	selinux-policy
Sub Component:
Version:	9.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Nikola Knazekova
QA Contact:	Milos Malik
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2143264
TreeView+	depends on / blocked

Reported:	2023-01-05 10:31 UTC by RHEL Process Automation
Modified:	2023-08-08 16:11 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-08-08 16:11:43 UTC
Type:	---
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-144006	0	None	None	None	2023-01-05 10:42:01 UTC

Description RHEL Process Automation 2023-01-05 10:31:59 UTC

Package synce4l has been added to RHEL 9.0.0

Various security standards (e. g. CIS Server Level 2 benchmark) and scanners
(Openscap) request "Ensure no daemons are unconfined by SELinux".
To comply with this requirement, a security policy for your component needs to
be shipped either as part of selinux-policy package, or as a sub-package of
your component. If such a policy does not already exist, e. g. as a part of
your project upstream, it needs to be created in order for your package be
accepted into RHEL. Maintaining the selinux subpackage of the component takes
the advantage of having the package enhancements and its SELinux support
synchronized in time. Please follow the instructions in
https://fedoraproject.org/wiki/SELinux/IndependentPolicy
and make necessary changes to make the content of the package SELinux confined.

A SELinux policy workshop [2] [3] is available on github as an additional resource.
You can look for additional help on the #selinux internal IRC channel or via the
selinux-policy-owner email.

[1] https://fedoraproject.org/wiki/SELinux/IndependentPolicy
[2] https://github.com/RedHatGov/redhatgov.github.io
[3] https://github.com/RedHatGov/redhatgov.workshops

Note You need to log in before you can comment on or make changes to this bug.