Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-107732

Improve OpenSSH SELinux policy bits

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • selinux-policy-42.1.10-1.el10
    • No
    • Important
    • 5
    • rhel-security-selinux
    • 20
    • 1
    • False
    • False
    • Hide

      None

      Show
      None
    • No
    • SELINUX 250827: 11, SELINUX 250917: 12, SELINUX 251008: 13, SELINUX 251029: 14, SELINUX 251119: 15
    • Enhancement
    • Hide
      Feature, enhancement:
      Reason:
      Result:
      Show
      Feature, enhancement: Reason: Result:
    • Proposed
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      User story: As a security administrator managing Fedora and RHEL-10 systems, I want the SELinux policy for OpenSSH to be improved and updated in both distributions based on the CRYPTO-16932 design document, resulting in more granular SELinux labels per OpenSSH binary, so that the overall security posture is enhanced and provides better control as defined in the document.

      ACC:

      • Policy Availability & Installation: The updated SELinux policy for OpenSSH is officially released and successfully installs on RHEL-10.
      • Granular Confinement: New, granular SELinux labels are present on the system, and new processes are confined based on definitions in CRYPTO-16932.
      • No Test Suite Denials: The OpenSSH test suite runs successfully without generating any SELinux denials.

              rhn-support-zpytela Zdenek Pytela
              rhn-engineering-lvrabec Lukas Vrabec
              Zdenek Pytela Zdenek Pytela
              Milos Malik Milos Malik
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated: