User story #7054
Confine Rudder processes with SELinux
Status: Rejected
Priority: N/A
Assignee: -
Category: System integration
Description
SELinux policies in 3.1 allow enabling SELinux on the systems, but the Rudder processes are still unconfined.
We could define types for the different parts of Rudder and enforce file access and port restrictions on them.
Updated by Alexis Mousset about 5 years ago
Done for relayd in 6.0. Keeping for other services, especially for cf-serverd and rudder-jetty.
Updated by Alexis Mousset almost 3 years ago
- Status changed from New to Rejected
Should be done on a case-by-case approach, and systemd/namespace/seccomp hardening is probably more important anyway.