• Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Major Major
    • rhel-9.4
    • rhel-9.3.0
    • selinux-policy
    • None
    • selinux-policy-38.1.30-1.el9
    • sst_security_selinux
    • ssg_security
    • 23
    • None
    • QE ack
    • False
    • Hide

      None

      Show
      None
    • Yes
    • None
    • Hide

      SELinux policy brings the sap policy module. The sap policy module brings the necessary rules and file context patterns.

      Show
      SELinux policy brings the sap policy module. The sap policy module brings the necessary rules and file context patterns.
    • Pass
    • None
    • Enhancement
    • Hide
      .New SELinux policy module for the SAP HANA service

      This update adds additional rules to the SELinux policy for the SAP HANA service. As a result, the service now runs successfully in SELinux enforcing mode in the `sap_unconfined_t` domain.
      Show
      .New SELinux policy module for the SAP HANA service This update adds additional rules to the SELinux policy for the SAP HANA service. As a result, the service now runs successfully in SELinux enforcing mode in the `sap_unconfined_t` domain.
    • Done
    • None

      Create a new policy module for the SAP service

      Current state: The SAP service is running in the generic unconfined_service_t domain which does not allow for interactions with other services like insights-client.

      Acceptance criteria:

      • The SAP service is executed in its domain.
      • No SELinux denials are audited for the SAP service.
      • The policy content is in a policy module shipped in RHEL.
      • insights-client does not report any error

            rhn-support-zpytela Zdenek Pytela
            rhn-support-zpytela Zdenek Pytela
            Zdenek Pytela Zdenek Pytela
            Milos Malik Milos Malik
            Jan Fiala Jan Fiala
            Votes:
            1 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved: