874745 – [SELinux] [RFE] [RHGS] Red Hat Storage daemons need SELinux confinement

Bug 874745 - [SELinux] [RFE] [RHGS] Red Hat Storage daemons need SELinux confinement

Summary: [SELinux] [RFE] [RHGS] Red Hat Storage daemons need SELinux confinement

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Gluster Storage
Classification:	Red Hat Storage
Component:	glusterd
Sub Component:
Version:	2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	urgent
Target Milestone:	---
Target Release:	RHGS 3.1.0
Assignee:	Bug Updates Notification Mailing List
QA Contact:	Prasanth
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	852266 (view as bug list)
Depends On:	852266 874597
Blocks:	858940 1202842 1212796
TreeView+	depends on / blocked

Reported:	2012-11-08 18:45 UTC by David Egts
Modified:	2015-07-29 04:28 UTC (History)
CC List:	11 users (show)
Fixed In Version:	glusterfs-3.7.1-8
Doc Type:	Enhancement
Doc Text:	With this release of Red Hat Gluster Storage, SELinux is enabled. This enforces mandatory access-control policies for user programs and system services. This limits the privilege of the user programs and system services to the minimum required, thereby reducing or eliminating their ability to cause harm.
Clone Of:
Environment:
Last Closed:	2015-07-29 04:28:01 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:1495	0	normal	SHIPPED_LIVE	Important: Red Hat Gluster Storage 3.1 update	2015-07-29 08:26:26 UTC

Description David Egts 2012-11-08 18:45:45 UTC

Description of problem:

Red Hat Storage daemons are not confined by SELinux policy.  As such, a security vulnerability in a RHS daemon could compromize the entire server and give it the opportunity to take over other RHS servers and clients and compromize other systems.

Version-Release number of selected component (if applicable): 2.0

How reproducible: 100%

Additional info: This BZ depends upon BZ874597.

Comment 2 Brian Foster 2014-03-12 13:14:31 UTC

*** Bug 852266 has been marked as a duplicate of this bug. ***

Comment 8 Vivek Agarwal 2015-07-27 11:21:13 UTC

Looks good to me

Comment 9 Prasanth 2015-07-27 17:41:16 UTC

SELinux support is made available from RHGS-3.1 release and as a result SELinux is set to ENFORCING by default in any fresh install of RHGS.

Hence, marking this BZ as Verified.

Comment 11 errata-xmlrpc 2015-07-29 04:28:01 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-1495.html

Note You need to log in before you can comment on or make changes to this bug.