Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-21452

Confine the sap module

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Major Major
    • rhel-9.4
    • rhel-9.3.0
    • selinux-policy
    • None
    • selinux-policy-38.1.30-1.el9
    • None
    • None
    • rhel-sst-security-selinux
    • ssg_security
    • 23
    • None
    • QE ack
    • False
    • Hide

      None

      Show
      None
    • Yes
    • None
    • Hide

      SELinux policy brings the sap policy module. The sap policy module brings the necessary rules and file context patterns.

      Show
      SELinux policy brings the sap policy module. The sap policy module brings the necessary rules and file context patterns.
    • Pass
    • None
    • Enhancement
    • Hide
      .New SELinux policy module for the SAP HANA service

      This update adds additional rules to the SELinux policy for the SAP HANA service. As a result, the service now runs successfully in SELinux enforcing mode in the `sap_unconfined_t` domain.
      Show
      .New SELinux policy module for the SAP HANA service This update adds additional rules to the SELinux policy for the SAP HANA service. As a result, the service now runs successfully in SELinux enforcing mode in the `sap_unconfined_t` domain.
    • Done
    • None

      Create a new policy module for the SAP service

      Current state: The SAP service is running in the generic unconfined_service_t domain which does not allow for interactions with other services like insights-client.

      Acceptance criteria:

      • The SAP service is executed in its domain.
      • No SELinux denials are audited for the SAP service.
      • The policy content is in a policy module shipped in RHEL.
      • insights-client does not report any error

              rhn-support-zpytela Zdenek Pytela
              rhn-support-zpytela Zdenek Pytela
              Zdenek Pytela Zdenek Pytela
              Milos Malik Milos Malik
              Jan Fiala Jan Fiala
              Votes:
              1 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated:
                Resolved: