Issue #564
Updated by bmbouter about 9 years ago
Description of problem:
We have a line [0] in our SELinux policy that grants unnecessary and potentially dangerous privilege to the httpd process. This is very likely a holdover from Pulp 1.x days, and I believe it can be safely removed.

Version-Release number of selected component (if applicable):
2.4.0-1

How reproducible:
Every time

Steps to Reproduce:
1. Go to [0].
2. Look for a line that says dontaudit httpd_t rpm_var_lib_t:dir { getattr search open };

Actual results:
That line is there.

Expected results:
That line should not be there.

Additional info:
There might be a better way than looking at GitHub to find out if we have that dontaudit rule, but I am not familiar enough with SELinux yet to know. If there is a way to check on an installed system that there isn't a dontaudit rule, that would be a superior test.

[0] https://github.com/pulp/pulp/blob/master/server/selinux/server/pulp-server.te#L31

This bug was cloned from Bugzilla Bug #1148999: https://bugzilla.redhat.com/show_bug.cgi?id=1148999
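
One way to automate step 2 of the report against a policy source file, as an added example that is not part of the original issue or of Pulp's own code. The `find_dontaudit` helper, the sample policy and the types `pulp_example_t` and `example_tmp_t` are constructed for illustration; the scan reads source text only, so attributes and macros are not expanded.

```shell
#!/bin/sh
# find_dontaudit SRC_TYPE TGT_TYPE FILE
# Prints "LINE_NO: rule" for every dontaudit rule in a .te source file whose
# source and target types include the given names; returns 0 if any matched.
# On an installed system the loaded policy can be queried instead with
# setools: sesearch --dontaudit -s httpd_t -t rpm_var_lib_t -c dir
find_dontaudit() {
    awk -v src="$1" -v tgt="$2" '
        # True when name is a member of a single type or a { a b } type set.
        function has(set, name) {
            gsub(/[{}]/, " ", set); gsub(/[ \t]+/, " ", set)
            return index(" " set " ", " " name " ") > 0
        }
        {
            line = $0
            sub(/#.*/, "", line)            # ignore commented-out rules
            if (line !~ /^[ \t]*dontaudit[ \t]/) next
            rest = line
            sub(/^[ \t]*dontaudit[ \t]+/, "", rest)
            colon = index(rest, ":")        # types end at "TARGET:class"
            if (colon == 0) next
            types = substr(rest, 1, colon - 1)
            if (substr(types, 1, 1) == "{") {
                rb = index(types, "}")      # source is a braced set
                s = substr(types, 1, rb); t = substr(types, rb + 1)
            } else {
                sp = match(types, /[ \t]/)  # source is a single type
                s = substr(types, 1, sp - 1); t = substr(types, sp + 1)
            }
            if (has(s, src) && has(t, tgt)) { print NR ": " $0; found = 1 }
        }
        END { exit !found }
    ' "$3"
}

# Constructed sample policy; only the third line is the rule quoted in the issue.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
allow pulp_example_t self:process signal;
# dontaudit httpd_t rpm_var_lib_t:dir search;
dontaudit httpd_t rpm_var_lib_t:dir { getattr search open };
dontaudit { httpd_t pulp_example_t } example_tmp_t:file read;
EOF

find_dontaudit httpd_t rpm_var_lib_t "$SAMPLE" || echo "no matching dontaudit rule"
```

Because the function returns non-zero when nothing matches, a packaging test can invert it to assert that the rule is absent.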