Bug 874745 - [SELinux] [RFE] [RHGS] Red Hat Storage daemons need SELinux confinement
[SELinux] [RFE] [RHGS] Red Hat Storage daemons need SELinux confinement
Status: CLOSED ERRATA
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: glusterd (Show other bugs)
2.0
Unspecified Unspecified
medium Severity urgent
: ---
: RHGS 3.1.0
Assigned To: Bug Updates Notification Mailing List
Prasanth
: FutureFeature
: 852266 (view as bug list)
Depends On: 852266 874597
Blocks: 858940 1202842 1212796
  Show dependency treegraph
 
Reported: 2012-11-08 13:45 EST by David Egts
Modified: 2015-07-29 00:28 EDT (History)
11 users (show)

See Also:
Fixed In Version: glusterfs-3.7.1-8
Doc Type: Enhancement
Doc Text:
With this release of Red Hat Gluster Storage, SELinux is enabled. This enforces mandatory access-control policies for user programs and system services. This limits the privilege of the user programs and system services to the minimum required, thereby reducing or eliminating their ability to cause harm.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-07-29 00:28:01 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Egts 2012-11-08 13:45:45 EST
Description of problem:

Red Hat Storage daemons are not confined by SELinux policy.  As such, a security vulnerability in a RHS daemon could compromize the entire server and give it the opportunity to take over other RHS servers and clients and compromize other systems.

Version-Release number of selected component (if applicable): 2.0

How reproducible: 100%

Additional info: This BZ depends upon BZ874597.
Comment 2 Brian Foster 2014-03-12 09:14:31 EDT
*** Bug 852266 has been marked as a duplicate of this bug. ***
Comment 8 Vivek Agarwal 2015-07-27 07:21:13 EDT
Looks good to me
Comment 9 Prasanth 2015-07-27 13:41:16 EDT
SELinux support is made available from RHGS-3.1 release and as a result SELinux is set to ENFORCING by default in any fresh install of RHGS.

Hence, marking this BZ as Verified.
Comment 11 errata-xmlrpc 2015-07-29 00:28:01 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-1495.html

Note You need to log in before you can comment on or make changes to this bug.