Actions
User story #7054
closed
Confine Rudder processes with SELinux
Status:
Rejected
Priority:
N/A
Assignee:
-
Category:
System integration
Target version:
Pull Request:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
Fix check:
Regression:
Description
SELinux policies in 3.1 allow enabling SELinux on the systems, but the Rudder processes are still unconfined.
We could define types for the different parts of Rudder and enforce fileacces and port restrictions on them.
Updated by
Actions