Hi,
I saw several bugs where boltd daemon runs as unconfined_service_t. I have prepared new SELinux module for it.
I'll push it to Fedora Rawhide and also Fedora 28 soon. This module will be in permissive mode, which means policy for boltd won't be enforced by kernel, just AVCs will be logged even if the whole system will be in Enforcing state.
If you'll find some AVCs related to boltd, please use this bugzilla[1] to report them.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1607974.
Thanks, Lukas.
Hi All,
Adding builds with boltd SELinux support.
Fedora 28: https://koji.fedoraproject.org/koji/buildinfo?buildID=1134436
Fedora Rawhide https://koji.fedoraproject.org/koji/buildinfo?buildID=1134361
SELinux denials please report here: https://bugzilla.redhat.com/show_bug.cgi?id=1607974
Thanks, Lukas.
On 08/07/2018 11:19 AM, Lukas Vrabec wrote:
Hi,
I saw several bugs where boltd daemon runs as unconfined_service_t. I have prepared new SELinux module for it.
I'll push it to Fedora Rawhide and also Fedora 28 soon. This module will be in permissive mode, which means policy for boltd won't be enforced by kernel, just AVCs will be logged even if the whole system will be in Enforcing state.
If you'll find some AVCs related to boltd, please use this bugzilla[1] to report them.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1607974.
Thanks, Lukas.
selinux@lists.fedoraproject.org
-
Lukas Vrabec