Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Normal
Fix Version/s: openshift-4.15
Affects Version/s: None
Component/s: None
Labels:
- ocpve

Story Points:
3
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Intelligence Requested:
Market:

Sprint:
uShift Sprint 241, uShift Sprint 242, uShift Sprint 243

Target Version:

openshift-4.15

SFDC Cases Links:
SFDC Cases Counter:

As follow-on work to ~~USHIFT-1568~~, we should add a test which verifies that it's not possible to utilize the privileges of another domain in order to do more than what's possible inside a restricted domain.

An example of this would be running the `foo` binary, which might have policy which might instruct SELinux to automatically transition to the `bar` domain when foo is executed from a process running in the `foobar` domain. We should be able to find policy which might facilitate this via `sesearch`.

is cloned by

USHIFT-1755 Add test which verifies that it's not possible to utilize the privilieges of another domain in order to do more than what's possible inside a restricted domain

Closed

links to

openshift/microshift#2361: USHIFT-1666: Selinux domain transition test

openshift/microshift#2486: [release-4.14] USHIFT-1666: Selinux domain transition test

Assignee:: Egli Hila

Reporter:: Jeremy Peterson

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2023/09/06 7:34 PM

Updated:: 2023/12/10 3:52 PM

Resolved:: 2023/10/12 11:59 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates