[katello-devel] Foreman and - yeah - SELinux

Bryan Kearney bkearney at redhat.com
Tue Oct 2 11:55:42 UTC 2012


On 10/02/2012 07:04 AM, Lukas Zapletal wrote:
> Guys,
>
> I have noticed we do not have any selinux policy for Foreman, but we
> start it in the confined mode. Therefore once we start with more
> integrations we will likely hit an issue - Foreman won't be able to do
> anything in confined mode :-)
>
> I am putting a new item on the backlog:
>
> As a user, I'd like to have SELinux policy for Foreman
>
> I have also noticed there is now a thin_d domain in both Fedoras and
> RHEL6. We run the main Katello process in the initrc_t domain which is
> nasty. Therefore I am creating another sprint task:
>
> As a dev, I'd like to run katello process in its own domain
>
> Our current SELinux policies are quite permissive and they were created
> quickly, maybe it's time to harden the stuff:
>
> As a dev, I'd like to harden Katello SELinux policy
>
> Now the question is if Foreman developers are able to deliver this
> feature for us, because from our experience with SELinux it is always
> better when devs with experience with the codebase are hardening the
> stuff. Otherwise we can only provide lower quality "get it only working"
> version, which is also usually not tested enough (guys are often running
> into issues due to missing rules).
>
> LZ
>
Thanks... will prioritize these.

-- bk



