Project

General

Profile

Actions
Copy link

Bug #11572

closed

Add support for openscap spool files

Added by Gerwin Krist over 8 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Plugins
Target version:
-
Difficulty:
trivial
Triaged:
No
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman-selinux/pull/82
Fixed in Releases:
Foreman - 1.19.0
Found in Releases:
Red Hat JIRA:

Description

Foreman-Openscap using /var/spool/foreman-proxy/openscap/ to store uploaded ARF reports. Uploads from client fail because an AVC:

1360. 08/26/2015 13:48:14 ruby system_u:system_r:foreman_proxy_t:s0 2 dir write system_u:object_r:var_spool_t:s0 denied 242934
1361. 08/26/2015 13:48:14 ruby system_u:system_r:foreman_proxy_t:s0 2 dir add_name system_u:object_r:var_spool_t:s0 denied 242934
1362. 08/26/2015 13:48:14 ruby system_u:system_r:foreman_proxy_t:s0 2 file create system_u:object_r:var_spool_t:s0 denied 242934
1363. 08/26/2015 13:48:14 ruby system_u:system_r:foreman_proxy_t:s0 2 file write open system_u:object_r:var_spool_t:s0 denied 242934
1364. 08/26/2015 13:49:02 ruby system_u:system_r:foreman_proxy_t:s0 83 dir create system_u:object_r:var_spool_t:s0 denied 242942

Current type context:
matchpathcon /var/spool/foreman-proxy/openscap
/var/spool/foreman-proxy/openscap system_u:object_r:var_spool_t:s0

Possible solution:
An addon to the foreman-proxy module with:

require {
        type foreman_proxy_t;
        type var_spool_t;
        class dir { write create add_name };
        class file { write create open };
}

#============= foreman_proxy_t ==============
allow foreman_proxy_t var_spool_t:dir { write create add_name };
allow foreman_proxy_t var_spool_t:file { write create open };

or adding a fcontext to the fcontext database.

Actions
Copy link

Also available in: Atom PDF