Fixes #16227: Missing SELinux/systemd context for relayd on shared-files folder
amousset committed Nov 21, 2019
1 parent e6fe4aa commit 4ff81c0
Showing 2 changed files with 3 additions and 1 deletion.
2 changes: 2 additions & 0 deletions relay/sources/selinux/rudder-relay.fc
Expand Up @@ -3,5 +3,7 @@
/opt/rudder/etc/relay(/.*)? gen_context(system_u:object_r:rudder_relayd_etc_t,s0)
/var/rudder/inventories(/.*)? gen_context(system_u:object_r:public_content_rw_t,s0)
/var/rudder/reports(/.*)? gen_context(system_u:object_r:public_content_rw_t,s0)
/var/rudder/shared-files(/.*)? gen_context(system_u:object_r:public_content_rw_t,s0)
/var/rudder/configuration-repository/shared-files(/.*)? gen_context(system_u:object_r:public_content_t,s0)
/var/rudder/lib/ssl/allnodescerts.pem -- gen_context(system_u:object_r:rudder_relayd_var_lib_t,s0)
/var/rudder/lib/relay/nodeslist.json -- gen_context(system_u:object_r:rudder_relayd_var_lib_t,s0)
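
Review bot: The new /var/rudder/shared-files(/.*)? entry reuses the generic public_content_rw_t type, so every domain that the policy allows to write public content gets write access to relayd's shared files, while other relayd-owned paths in this file use dedicated types (rudder_relayd_etc_t, rudder_relayd_var_lib_t). If only relayd needs write access, consider a dedicated type; if the generic type is intentional for consistency with the inventories and reports entries, say so in the commit message. Also, a change to the .fc file only affects files labelled afterwards, so the upgrade path should run restorecon -R on /var/rudder/shared-files and /var/rudder/configuration-repository/shared-files; nothing in the visible lines does that.
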
2 changes: 1 addition & 1 deletion relay/sources/systemd/rudder-relayd-hardening
@@ -1,3 +1,3 @@
ProtectSystem=strict
ReadWritePaths=/var/rudder/reports /var/rudder/inventories
ReadWritePaths=/var/rudder/reports /var/rudder/inventories /var/rudder/shared-files
PrivateTmp=True
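
Review bot: On the changed ReadWritePaths= line, /var/rudder/shared-files is listed without the "-" prefix, so with ProtectSystem=strict the unit fails namespace setup at start if that directory does not exist yet. Either make sure packaging creates the directory before rudder-relayd starts, or write the entry as -/var/rudder/shared-files. Leaving /var/rudder/configuration-repository/shared-files out of this line keeps it read-only for the service, which matches its public_content_t label in rudder-relay.fc.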
