Project

General

Profile

Actions

Architecture #6517

closed

User story #6589: Improve Rudder security in 3.1: Inventory signature and security, SELinux compliance

User story #2882: Rudder should be SELinux compliant

Authorize on SELinux directories used for webdav on the server

Added by François ARMAND almost 9 years ago. Updated almost 9 years ago.

Status:
Released
Priority:
2
Category:
System integration
Target version:
Effort required:
Name check:
Fix check:
Regression:

Description

We need the rule to authorize read/write/delete from Apache webdav (and our send-clean scrip ?) on the directories used to store inventories (see question #6467)

Actions #1

Updated by Matthieu CERDA almost 9 years ago

I guess adding:
  • setsebool -P httpd_can_network_connect on
  • chcon -Rv --type=httpd_sys_content_t /var/rudder/inventories

Would certainly be enough :)

Actions #2

Updated by Matthieu CERDA almost 9 years ago

  • Status changed from New to Pending technical review
  • Assignee changed from Matthieu CERDA to Benoît PECCATTE
  • % Done changed from 0 to 100
  • Pull Request set to https://github.com/Normation/rudder-packages/pull/638
Actions #3

Updated by Matthieu CERDA almost 9 years ago

  • Pull Request changed from https://github.com/Normation/rudder-packages/pull/638 to https://github.com/Normation/rudder-packages/pull/639
Actions #4

Updated by Matthieu CERDA almost 9 years ago

  • Status changed from Pending technical review to Pending release
Actions #6

Updated by Vincent MEMBRÉ almost 9 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 3.1.0~beta1 which were released today.

Actions

Also available in: Atom PDF