[dev.icinga.com #2921] add full selinux support #1052
Comments
Updated by dgoetz on 2012-08-13 12:19:08 +00:00
I created a policy for the packages on Fedora 17 (created from spec-file in sources) I had to change the init-scripts by adding chcon after touching the pid: In the typeenforcement-file I have added some comments where perhaps some developer can have a look on the code. (Privileges that I am not sure about, files moved from tmp to spool) And also were I think it should better be in another policy (Nagios or Apache). Icinga and Icinga-Web is running with mysql backend and without any AVC-errors except of some leaked file descriptors through the plugins. Plugins are running in the contexts defined by Nagios policy. Perhaps the lines starting with permissive should be commented in so nothing breaks in a different setup. This would result in a system running enforced and Icinga and its components running permissive. I think that is all information needed, but if there are questions, feel free to ask. |
Updated by mfriedrich on 2012-09-03 17:43:08 +00:00
we'll talk on osmc, as discussed via mail, thanks in advance. |
Updated by mfriedrich on 2012-11-09 12:22:05 +00:00 |
Updated by mfriedrich on 2013-04-06 22:00:14 +00:00
i'll drop the release target for now, and wait til rene provides the files. https://sourceforge.net/mailarchive/message.php?msg\_id=30509241 |
Updated by davidressman on 2013-06-27 00:46:37 +00:00 Just FYI for anyone else besides Michael and Dirk who might be watching, I'm taking a crack at this. We're targeting the 1.10 release for full SELinux support. When things look a little more complete, I'll create a new issue. |
Updated by mfriedrich on 2013-06-29 14:53:48 +00:00
added reporter status in order to assign the todos to you. |
Updated by mfriedrich on 2013-08-13 11:36:53 +00:00 Hi, can you give a short status update / summary of what's been done so far? Thanks. |
Updated by mfriedrich on 2013-10-14 22:31:01 +00:00 status? |
Updated by mfriedrich on 2013-10-16 14:43:35 +00:00
|
Updated by bigon on 2014-01-09 15:05:29 +00:00 Hi, Shouldn’t this also be forwarded to the selinux reference policy upstreams (refpolicy) so the other distributions can use it? In the current refpolicy there is already a nagios module that could be improved to include icinga support |
Updated by mfriedrich on 2014-01-25 16:23:51 +00:00
|
Updated by mfriedrich on 2014-03-03 18:54:02 +00:00
feature freeze 1.11 |
Updated by spstarr on 2014-04-24 12:00:23 +00:00 Well, SLES uses AppArmor as does Ubuntu, Fedora/RHEL use SELinux, we can engage the SELinux policy group in Fedora and they can refine your policy files. I will include this for 1.11.2 tonight. |
Updated by spstarr on 2014-04-24 12:01:10 +00:00
|
Updated by spstarr on 2014-06-10 14:12:05 +00:00
Reassigning to Sam for Policy work |
Updated by mfriedrich on 2014-10-26 19:12:46 +00:00
|
Updated by mfriedrich on 2015-03-12 19:14:57 +00:00
I assume, nothing has happen so far? It think it's reasonable to skip it entirely and focus on 2.x. Opinions? |
Updated by berk on 2015-05-18 12:17:35 +00:00
|
Updated by mfriedrich on 2015-06-12 17:06:18 +00:00
|
Won't happen, we have that in 2.x. |
This issue has been migrated from Redmine: https://dev.icinga.com/issues/2921
Created by mfriedrich on 2012-07-30 21:15:42 +00:00
Assignee: (none)
Status: New
Target Version: Backlog
Last Update: 2015-06-12 17:06:18 +00:00 (in Redmine)
this is still missing in the packages, and is currently the final showstopper for EPEL upstream.
there might be insights on the work Chris already made (check selinux/), plus maybe some insights from this howto as well
http://mbrownnyc.wordpress.com/technology-solutions/reliability-monitoring-solution/implement-icinga-on-centos6-with-selinux/
Attachments
Changesets
2012-08-31 13:29:40 +00:00 by mfriedrich 06043e2
Relations:
The text was updated successfully, but these errors were encountered: