Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: JWS 5.0_RHEL DR1
Affects Version/s: None
Component/s: rpm, selinux, tomcat
Labels:
None

Affects:

Documentation (Ref Guide, User Guide, etc.), User Experience
Release Note Text:
The JBoss Web Server 5.0 uses the `jws5_tomcat_t` selinux domain, rather than the unconfined `tomcat_t` domain for improved security.
Release Note Status:
Documented as Resolved Issue
Target Release:

JWS 5.0_RHEL_GA
Steps to Reproduce:

Hide

sesearch -ACS -s jws5_tomcat_t -t shadow_t -c file -p read
seinfo -tjws5_tomcat_t -x
check no presence of unconfined_domain_type or any other *unconfined* label

Show
sesearch -ACS -s jws5_tomcat_t -t shadow_t -c file -p read seinfo -tjws5_tomcat_t -x check no presence of unconfined_domain_type or any other *unconfined* label

SFDC Cases Links:
SFDC Cases Counter:

Description

+++ This bug was initially created as a clone of Bug #1432083 +++

Description of problem:

It seems tomcat_t domain is in unconfined_domain, then any process which is having tomcat_t domain can access to any file. Maybe there is a bug in policy file.

JWS5 domain name is : jws5_tomcat_t

There shouldn't be any unconfined_domain_type associated with jws5 domain name

Attachments

Issue Links

clones

JWS-695 tomcat7_t and tomcat8_t domains are in unconfined_domain

Closed

Activity

People

Assignee:: Coty Sutherland

Reporter:: Coty Sutherland

Tester:: Jan Onderka

Writer:: Tyler Kelly (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2017/05/31 11:52 AM

Updated:: 2018/11/07 7:47 AM

Resolved:: 2017/08/21 5:43 PM