Project

Profile

Help

Task #1811

Give importer certs their own SELinux label

Added by bmbouter over 4 years ago. Updated over 1 year ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2, SELinux
Sprint:
Quarter:

Description

If you configure a cert for an importer to use it should have its own SELinux filesystem type that is different from other Pulp content in /var/lib/pulp/

For example this cert:

/var/lib/pulp/importers/Default_Organization-Red_Hat_Enterprise_Linux_Server-Red_Hat_Enterprise_Linux_7_Server_RPMs_x86_64_7Server-yum_importer/pki/ca.crt

Currently gets these permissions:

-rw-------. apache apache
system_u:object_r:httpd_sys_rw_content_t:s0

Instead it should get some Pulp specific type so that there is significantly less read access to these files. The SELinux policies will also have to be updated to match.

History

#1 Updated by mhrivnak over 4 years ago

  • Tracker changed from Issue to Task
  • Groomed set to No
  • Sprint Candidate set to No

#2 Updated by bmbouter over 4 years ago

  • Parent task set to #1826

#3 Updated by bmbouter over 4 years ago

  • Tags SELinux added

#4 Updated by bmbouter over 4 years ago

  • Parent task deleted (#1826)

#5 Updated by bmbouter over 1 year ago

  • Status changed from NEW to CLOSED - WONTFIX

#6 Updated by bmbouter over 1 year ago

Pulp 2 is approaching maintenance mode, and this Pulp 2 ticket is not being actively worked on. As such, it is being closed as WONTFIX. Pulp 2 is still accepting contributions though, so if you want to contribute a fix for this ticket, please reopen or comment on it. If you don't have permissions to reopen this ticket, or you want to discuss an issue, please reach out via the developer mailing list.

#7 Updated by bmbouter over 1 year ago

  • Tags Pulp 2 added

Please register to edit this issue

Also available in: Atom PDF