SELinux policy draft for beats

[fuero]

Triggered by this discussion I'm proposing this as a draft for a EL SELinux policy confining the various beats from this repository. I've started with filebeat, auditbeat, and journalbeat.

I've added the spec file for the RPM as well, and tested this on CentOS Linux release 7.4.1708 (Core).

[elasticmachine]

Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually?

[ruflin]

@fuero I would like to have @andrewkroh a look on this one. But until he finds the time, could you sign the CLA?

[andrewkroh]

In order for us to support selinux policies for Beats we need to setup an environment where SELinux is enforcing, then execute our test suite (or a subset), and verify that there were no AVC errors in the audit log.

So the next step for this in my mind is to get a CI server setup on RHEL with SELinux enforcing.

[fuero]

Sorry for the late reply, I've signed the agreement a short time after posting the PR and again just now.

[elmchaouki]

Hello everyone,

Any news about SELinux policy for auditbeat ?

thanks.

[elasticmachine]

Pinging @elastic/siem (Team:SIEM)

[elasticmachine]

❕ Build Aborted

The PR is not allowed to run in the CI yet

Expand to view the summary

Build stats

• Build Cause: [Branch indexing]

• Reason: The PR is not allowed to run in the CI yet

• Start Time: 2020-05-13T15:47:52.124+0000

• Duration: 7 min 17 sec (436894)

• Commit: 3ff1557

Steps errors

Expand to view the steps failures

• Name: Error signal

  • Description: githubPrCheckApproved: The PR is not allowed to run in the CI yet. (Only users with write permission

  • Result: FAILURE

  • Duration: 0 min 0 sec

  • Start Time: 2020-05-13T15:54:13.653+0000

  • log

Log output

Expand to view the last 100 lines of log output

[2020-05-13T15:53:52.990Z] + git rev-parse HEAD
[2020-05-13T15:53:55.133Z] + git rev-parse HEAD
[2020-05-13T15:53:56.021Z] + git rev-parse origin/pr/6103
[2020-05-13T15:53:56.817Z] [INFO] githubEnv: Found Git Build Cause: pr
[2020-05-13T15:54:02.449Z] Masking supported pattern matches of $GITHUB_TOKEN
[2020-05-13T15:54:09.453Z] [WARN] githubApiCall: The REST API call https://api.github.com/repos/elastic/beats/pulls/6103/reviews return 0 elements
[2020-05-13T15:54:10.591Z] [INFO] githubPrCheckApproved: Title: SELinux policy draft for beats - User: fuero - Author Association: FIRST_TIME_CONTRIBUTOR
[2020-05-13T15:54:13.712Z] ERROR: githubPrCheckApproved: The PR is not allowed to run in the CI yet
[2020-05-13T15:54:13.712Z] ERROR: githubPrCheckApproved: The PR is not allowed to run in the CI yet. (Only users with write permissions can do so.)
[2020-05-13T15:54:14.644Z] [INFO] Let's stop build #122. The PR is not allowed to run in the CI yet
[2020-05-13T15:54:14.918Z] Sleeping for 5 sec
[2020-05-13T15:54:18.433Z] Stage "Lint" skipped due to earlier failure(s)
[2020-05-13T15:54:19.070Z] Stage "Build and Test" skipped due to earlier failure(s)
[2020-05-13T15:54:22.883Z] Stage "Elastic Agent x-pack" skipped due to earlier failure(s)
[2020-05-13T15:54:22.888Z] Stage "Elastic Agent x-pack Windows" skipped due to earlier failure(s)
[2020-05-13T15:54:22.930Z] Stage "Elastic Agent Mac OS X" skipped due to earlier failure(s)
[2020-05-13T15:54:22.958Z] Stage "Filebeat oss" skipped due to earlier failure(s)
[2020-05-13T15:54:22.996Z] Stage "Filebeat x-pack" skipped due to earlier failure(s)
[2020-05-13T15:54:23.017Z] Stage "Filebeat Mac OS X" skipped due to earlier failure(s)
[2020-05-13T15:54:23.019Z] Stage "Filebeat Windows" skipped due to earlier failure(s)
[2020-05-13T15:54:23.020Z] Stage "Heartbeat" skipped due to earlier failure(s)
[2020-05-13T15:54:23.021Z] Stage "Auditbeat oss" skipped due to earlier failure(s)
[2020-05-13T15:54:23.134Z] Stage "Auditbeat x-pack" skipped due to earlier failure(s)
[2020-05-13T15:54:23.158Z] Stage "Libbeat" skipped due to earlier failure(s)
[2020-05-13T15:54:23.159Z] Stage "Libbeat x-pack" skipped due to earlier failure(s)
[2020-05-13T15:54:23.222Z] Stage "Metricbeat OSS Unit tests" skipped due to earlier failure(s)
[2020-05-13T15:54:23.225Z] Stage "Metricbeat OSS Integration tests" skipped due to earlier failure(s)
[2020-05-13T15:54:23.300Z] Stage "Metricbeat Python integration tests" skipped due to earlier failure(s)
[2020-05-13T15:54:23.315Z] Stage "Metricbeat x-pack" skipped due to earlier failure(s)
[2020-05-13T15:54:23.317Z] Stage "Metricbeat crosscompile" skipped due to earlier failure(s)
[2020-05-13T15:54:23.397Z] Stage "Metricbeat Mac OS X" skipped due to earlier failure(s)
[2020-05-13T15:54:23.399Z] Stage "Metricbeat Windows" skipped due to earlier failure(s)
[2020-05-13T15:54:23.458Z] Stage "Packetbeat" skipped due to earlier failure(s)
[2020-05-13T15:54:23.481Z] Stage "dockerlogbeat" skipped due to earlier failure(s)
[2020-05-13T15:54:23.511Z] Stage "Winlogbeat" skipped due to earlier failure(s)
[2020-05-13T15:54:23.531Z] Stage "Winlogbeat Windows x-pack" skipped due to earlier failure(s)
[2020-05-13T15:54:23.628Z] Stage "Functionbeat" skipped due to earlier failure(s)
[2020-05-13T15:54:23.629Z] Stage "Journalbeat" skipped due to earlier failure(s)
[2020-05-13T15:54:23.739Z] Stage "Generators" skipped due to earlier failure(s)
[2020-05-13T15:54:23.754Z] Stage "Kubernetes" skipped due to earlier failure(s)
[2020-05-13T15:54:25.680Z] Stage "Heartbeat" skipped due to earlier failure(s)
[2020-05-13T15:54:25.682Z] Stage "Auditbeat oss" skipped due to earlier failure(s)
[2020-05-13T15:54:25.684Z] Stage "Libbeat" skipped due to earlier failure(s)
[2020-05-13T15:54:25.686Z] Stage "Metricbeat x-pack" skipped due to earlier failure(s)
[2020-05-13T15:54:25.689Z] Stage "Packetbeat" skipped due to earlier failure(s)
[2020-05-13T15:54:25.706Z] Stage "dockerlogbeat" skipped due to earlier failure(s)
[2020-05-13T15:54:25.756Z] Stage "Winlogbeat" skipped due to earlier failure(s)
[2020-05-13T15:54:25.794Z] Stage "Functionbeat" skipped due to earlier failure(s)
[2020-05-13T15:54:25.888Z] Stage "Journalbeat" skipped due to earlier failure(s)
[2020-05-13T15:54:25.907Z] Stage "Generators" skipped due to earlier failure(s)
[2020-05-13T15:54:29.706Z] Click here to forcibly terminate running steps
[2020-05-13T15:54:31.445Z] Failed in branch Elastic Agent x-pack
[2020-05-13T15:54:31.447Z] Failed in branch Elastic Agent x-pack Windows
[2020-05-13T15:54:31.448Z] Failed in branch Elastic Agent Mac OS X
[2020-05-13T15:54:31.460Z] Failed in branch Filebeat oss
[2020-05-13T15:54:31.461Z] Failed in branch Filebeat x-pack
[2020-05-13T15:54:31.462Z] Failed in branch Filebeat Mac OS X
[2020-05-13T15:54:31.463Z] Failed in branch Filebeat Windows
[2020-05-13T15:54:31.470Z] Failed in branch Auditbeat x-pack
[2020-05-13T15:54:31.471Z] Failed in branch Libbeat x-pack
[2020-05-13T15:54:31.472Z] Failed in branch Metricbeat OSS Unit tests
[2020-05-13T15:54:31.473Z] Failed in branch Metricbeat OSS Integration tests
[2020-05-13T15:54:31.523Z] Failed in branch Metricbeat Python integration tests
[2020-05-13T15:54:31.543Z] Failed in branch Metricbeat crosscompile
[2020-05-13T15:54:31.545Z] Failed in branch Metricbeat Mac OS X
[2020-05-13T15:54:31.546Z] Failed in branch Metricbeat Windows
[2020-05-13T15:54:31.596Z] Failed in branch Winlogbeat Windows x-pack
[2020-05-13T15:54:31.622Z] Failed in branch Kubernetes
[2020-05-13T15:54:38.172Z] Stage "Heartbeat" skipped due to earlier failure(s)
[2020-05-13T15:54:38.191Z] Stage "Auditbeat oss" skipped due to earlier failure(s)
[2020-05-13T15:54:38.196Z] Stage "Libbeat" skipped due to earlier failure(s)
[2020-05-13T15:54:38.228Z] Stage "Metricbeat x-pack" skipped due to earlier failure(s)
[2020-05-13T15:54:38.230Z] Stage "Winlogbeat" skipped due to earlier failure(s)
[2020-05-13T15:54:38.232Z] Stage "Functionbeat" skipped due to earlier failure(s)
[2020-05-13T15:54:38.234Z] Stage "Generators" skipped due to earlier failure(s)
[2020-05-13T15:54:38.989Z] Failed in branch Packetbeat
[2020-05-13T15:54:39.001Z] Failed in branch dockerlogbeat
[2020-05-13T15:54:39.002Z] Failed in branch Journalbeat
[2020-05-13T15:54:42.933Z] Stage "Heartbeat" skipped due to earlier failure(s)
[2020-05-13T15:54:42.935Z] Stage "Auditbeat oss" skipped due to earlier failure(s)
[2020-05-13T15:54:42.954Z] Stage "Libbeat" skipped due to earlier failure(s)
[2020-05-13T15:54:42.995Z] Stage "Functionbeat" skipped due to earlier failure(s)
[2020-05-13T15:54:43.039Z] Stage "Generators" skipped due to earlier failure(s)
[2020-05-13T15:54:43.798Z] Failed in branch Metricbeat x-pack
[2020-05-13T15:54:43.800Z] Failed in branch Winlogbeat
[2020-05-13T15:54:47.869Z] Failed in branch Heartbeat
[2020-05-13T15:54:47.870Z] Failed in branch Libbeat
[2020-05-13T15:54:47.892Z] Failed in branch Functionbeat
[2020-05-13T15:54:47.923Z] Stage "Auditbeat oss" skipped due to earlier failure(s)
[2020-05-13T15:54:47.967Z] Stage "Generators" skipped due to earlier failure(s)
[2020-05-13T15:54:50.670Z] Failed in branch Auditbeat oss
[2020-05-13T15:54:50.671Z] Failed in branch Generators
[2020-05-13T15:55:00.719Z] Running on Jenkins in /var/lib/jenkins/workspace/Beats_beats-beats-mbp_PR-6103
[2020-05-13T15:55:03.342Z] [INFO] getVaultSecret: Getting secrets
[2020-05-13T15:55:04.318Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2020-05-13T15:55:09.482Z] + chmod 755 generate-build-data.sh
[2020-05-13T15:55:09.483Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-6103/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-6103/runs/122 ABORTED 436894
[2020-05-13T15:55:10.033Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-6103/runs/122/steps/?limit=10000 -o steps-info.json
[2020-05-13T15:55:19.909Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-6103/runs/122/tests/?status=FAILED -o tests-errors.json
[2020-05-13T15:55:21.772Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats-beats-mbp/PR-6103/runs/122/log/ -o pipeline-log.txt

[elasticmachine]

❕ Build Aborted

The PR is not allowed to run in the CI yet

Expand to view the summary

Build stats

• Build Cause: [Branch indexing]

• Reason: The PR is not allowed to run in the CI yet

• Start Time: 2020-07-13T13:44:12.359+0000

• Duration: 5 min 17 sec

• Commit: 3ff1557

Steps errors

Expand to view the steps failures

• Name: Error signal

  • Description: githubPrCheckApproved: The PR is not allowed to run in the CI yet. (Only users with write permission

  • Duration: 0 min 0 sec

  • Start Time: 2020-07-13T13:48:56.363+0000

  • log

Log output

Expand to view the last 100 lines of log output

[2020-07-13T13:49:08.189Z] Stage "Elastic Agent x-pack Windows" skipped due to earlier failure(s)
[2020-07-13T13:49:08.217Z] Stage "Elastic Agent Mac OS X" skipped due to earlier failure(s)
[2020-07-13T13:49:08.246Z] Stage "Filebeat oss" skipped due to earlier failure(s)
[2020-07-13T13:49:08.276Z] Stage "Filebeat x-pack" skipped due to earlier failure(s)
[2020-07-13T13:49:08.294Z] Stage "Filebeat Mac OS X" skipped due to earlier failure(s)
[2020-07-13T13:49:08.313Z] Stage "Filebeat x-pack Mac OS X" skipped due to earlier failure(s)
[2020-07-13T13:49:08.329Z] Stage "Filebeat Windows" skipped due to earlier failure(s)
[2020-07-13T13:49:08.357Z] Stage "Filebeat x-pack Windows" skipped due to earlier failure(s)
[2020-07-13T13:49:08.391Z] Stage "Heartbeat" skipped due to earlier failure(s)
[2020-07-13T13:49:08.401Z] Stage "Auditbeat oss Linux" skipped due to earlier failure(s)
[2020-07-13T13:49:08.424Z] Stage "Auditbeat crosscompile" skipped due to earlier failure(s)
[2020-07-13T13:49:08.460Z] Stage "Auditbeat oss Mac OS X" skipped due to earlier failure(s)
[2020-07-13T13:49:08.485Z] Stage "Auditbeat oss Windows" skipped due to earlier failure(s)
[2020-07-13T13:49:08.503Z] Stage "Auditbeat x-pack" skipped due to earlier failure(s)
[2020-07-13T13:49:08.519Z] Stage "Auditbeat x-pack Mac OS X" skipped due to earlier failure(s)
[2020-07-13T13:49:08.548Z] Stage "Auditbeat x-pack Windows" skipped due to earlier failure(s)
[2020-07-13T13:49:08.582Z] Stage "Libbeat" skipped due to earlier failure(s)
[2020-07-13T13:49:08.596Z] Stage "Libbeat x-pack" skipped due to earlier failure(s)
[2020-07-13T13:49:08.639Z] Stage "Metricbeat OSS Unit tests" skipped due to earlier failure(s)
[2020-07-13T13:49:08.698Z] Stage "Metricbeat OSS Integration tests" skipped due to earlier failure(s)
[2020-07-13T13:49:08.718Z] Stage "Metricbeat Python integration tests" skipped due to earlier failure(s)
[2020-07-13T13:49:08.744Z] Stage "Metricbeat x-pack" skipped due to earlier failure(s)
[2020-07-13T13:49:08.752Z] Stage "Metricbeat crosscompile" skipped due to earlier failure(s)
[2020-07-13T13:49:08.775Z] Stage "Metricbeat Mac OS X" skipped due to earlier failure(s)
[2020-07-13T13:49:08.796Z] Stage "Metricbeat x-pack Mac OS X" skipped due to earlier failure(s)
[2020-07-13T13:49:08.836Z] Stage "Metricbeat Windows" skipped due to earlier failure(s)
[2020-07-13T13:49:08.856Z] Stage "Metricbeat x-pack Windows" skipped due to earlier failure(s)
[2020-07-13T13:49:08.875Z] Stage "Packetbeat" skipped due to earlier failure(s)
[2020-07-13T13:49:08.895Z] Stage "dockerlogbeat" skipped due to earlier failure(s)
[2020-07-13T13:49:08.903Z] Stage "Winlogbeat" skipped due to earlier failure(s)
[2020-07-13T13:49:08.921Z] Stage "Winlogbeat Windows x-pack" skipped due to earlier failure(s)
[2020-07-13T13:49:08.968Z] Stage "Functionbeat" skipped due to earlier failure(s)
[2020-07-13T13:49:08.984Z] Stage "Journalbeat" skipped due to earlier failure(s)
[2020-07-13T13:49:08.999Z] Stage "Generators" skipped due to earlier failure(s)
[2020-07-13T13:49:09.012Z] Stage "Kubernetes" skipped due to earlier failure(s)
[2020-07-13T13:49:09.676Z] Stage "Heartbeat" skipped due to earlier failure(s)
[2020-07-13T13:49:09.690Z] Stage "Libbeat" skipped due to earlier failure(s)
[2020-07-13T13:49:09.704Z] Stage "Metricbeat x-pack" skipped due to earlier failure(s)
[2020-07-13T13:49:09.719Z] Stage "Packetbeat" skipped due to earlier failure(s)
[2020-07-13T13:49:09.745Z] Stage "dockerlogbeat" skipped due to earlier failure(s)
[2020-07-13T13:49:09.757Z] Stage "Winlogbeat" skipped due to earlier failure(s)
[2020-07-13T13:49:09.769Z] Stage "Functionbeat" skipped due to earlier failure(s)
[2020-07-13T13:49:09.784Z] Stage "Journalbeat" skipped due to earlier failure(s)
[2020-07-13T13:49:09.817Z] Stage "Generators" skipped due to earlier failure(s)
[2020-07-13T13:49:11.884Z] Click here to forcibly terminate running steps
[2020-07-13T13:49:13.030Z] Failed in branch Elastic Agent x-pack
[2020-07-13T13:49:13.051Z] Failed in branch Elastic Agent x-pack Windows
[2020-07-13T13:49:13.064Z] Failed in branch Elastic Agent Mac OS X
[2020-07-13T13:49:13.075Z] Failed in branch Filebeat oss
[2020-07-13T13:49:13.090Z] Failed in branch Filebeat x-pack
[2020-07-13T13:49:13.100Z] Failed in branch Filebeat Mac OS X
[2020-07-13T13:49:13.112Z] Failed in branch Filebeat x-pack Mac OS X
[2020-07-13T13:49:13.134Z] Failed in branch Filebeat Windows
[2020-07-13T13:49:13.166Z] Failed in branch Filebeat x-pack Windows
[2020-07-13T13:49:13.177Z] Failed in branch Auditbeat oss Linux
[2020-07-13T13:49:13.189Z] Failed in branch Auditbeat crosscompile
[2020-07-13T13:49:13.219Z] Failed in branch Auditbeat oss Mac OS X
[2020-07-13T13:49:13.230Z] Failed in branch Auditbeat oss Windows
[2020-07-13T13:49:13.243Z] Failed in branch Auditbeat x-pack
[2020-07-13T13:49:13.256Z] Failed in branch Auditbeat x-pack Mac OS X
[2020-07-13T13:49:13.274Z] Failed in branch Auditbeat x-pack Windows
[2020-07-13T13:49:13.297Z] Failed in branch Libbeat x-pack
[2020-07-13T13:49:13.332Z] Failed in branch Metricbeat OSS Unit tests
[2020-07-13T13:49:13.344Z] Failed in branch Metricbeat OSS Integration tests
[2020-07-13T13:49:13.357Z] Failed in branch Metricbeat Python integration tests
[2020-07-13T13:49:13.368Z] Failed in branch Metricbeat crosscompile
[2020-07-13T13:49:13.384Z] Failed in branch Metricbeat Mac OS X
[2020-07-13T13:49:13.401Z] Failed in branch Metricbeat x-pack Mac OS X
[2020-07-13T13:49:13.422Z] Failed in branch Metricbeat Windows
[2020-07-13T13:49:13.440Z] Failed in branch Metricbeat x-pack Windows
[2020-07-13T13:49:13.462Z] Failed in branch Winlogbeat Windows x-pack
[2020-07-13T13:49:13.481Z] Failed in branch Kubernetes
[2020-07-13T13:49:15.599Z] Stage "Heartbeat" skipped due to earlier failure(s)
[2020-07-13T13:49:15.610Z] Stage "Libbeat" skipped due to earlier failure(s)
[2020-07-13T13:49:15.625Z] Stage "Metricbeat x-pack" skipped due to earlier failure(s)
[2020-07-13T13:49:15.643Z] Stage "Winlogbeat" skipped due to earlier failure(s)
[2020-07-13T13:49:15.661Z] Stage "Functionbeat" skipped due to earlier failure(s)
[2020-07-13T13:49:15.674Z] Stage "Generators" skipped due to earlier failure(s)
[2020-07-13T13:49:17.831Z] Failed in branch Packetbeat
[2020-07-13T13:49:17.848Z] Failed in branch dockerlogbeat
[2020-07-13T13:49:17.857Z] Failed in branch Journalbeat
[2020-07-13T13:49:18.970Z] Stage "Heartbeat" skipped due to earlier failure(s)
[2020-07-13T13:49:18.991Z] Stage "Libbeat" skipped due to earlier failure(s)
[2020-07-13T13:49:19.004Z] Stage "Functionbeat" skipped due to earlier failure(s)
[2020-07-13T13:49:19.114Z] Stage "Generators" skipped due to earlier failure(s)
[2020-07-13T13:49:19.375Z] Failed in branch Metricbeat x-pack
[2020-07-13T13:49:19.388Z] Failed in branch Winlogbeat
[2020-07-13T13:49:20.432Z] Failed in branch Heartbeat
[2020-07-13T13:49:20.459Z] Failed in branch Libbeat
[2020-07-13T13:49:20.486Z] Failed in branch Functionbeat
[2020-07-13T13:49:20.487Z] Stage "Generators" skipped due to earlier failure(s)
[2020-07-13T13:49:21.032Z] Failed in branch Generators
[2020-07-13T13:49:26.658Z] Running on worker-395930 in /var/lib/jenkins/workspace/Beats_beats_PR-6103
[2020-07-13T13:49:27.683Z] [INFO] getVaultSecret: Getting secrets
[2020-07-13T13:49:27.932Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2020-07-13T13:49:30.735Z] + chmod 755 generate-build-data.sh
[2020-07-13T13:49:30.735Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-6103/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-6103/runs/1 ABORTED 316943
[2020-07-13T13:49:30.735Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-6103/runs/1/steps/?limit=10000 -o steps-info.json
[2020-07-13T13:49:33.027Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-6103/runs/1/tests/?status=FAILED -o tests-errors.json
[2020-07-13T13:49:33.027Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-6103/runs/1/log/ -o pipeline-log.txt

[botelastic]

Hi!
We just realized that we haven't looked into this PR in a while. We're sorry!

We're labeling this issue as Stale to make it hit our filters and make sure we get back to it in as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1.
Thank you for your contribution!

[botelastic]

Hi!
This PR has been stale for a while and we're going to close it as part of our cleanup procedure.
We appreciate your contribution and would like to apologize if we have not been able to review it, due to the current heavy load of the team.
Feel free to re-open this PR if you think it should stay open and is worth rebasing.
Thank you for your contribution!

[fgierlinger]

@andrewkroh @ruflin @kvch This PR is still relevant. Can you reopen it or should a new PR be submitted?

[bigon]

I also would be interested to see a SELinux policy for the beats