Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Normal
Fix Version/s: openshift-4.14.z
Affects Version/s: None
Component/s: None
Labels:
- ocpve

Story Points:
3
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Intelligence Requested:
Market:

Sprint:
uShift Sprint 241, uShift Sprint 242, uShift Sprint 243, uShift Sprint 244, uShift Sprint 245, uShift Sprint 246

Target Version:

openshift-4.14.z

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

As follow-on work to ~~USHIFT-1568~~, we should add a test which verifies that it's not possible to utilize the privileges of another domain in order to do more than what's possible inside a restricted domain.

An example of this would be running the `foo` binary, which might have policy which might instruct SELinux to automatically transition to the `bar` domain when foo is executed from a process running in the `foobar` domain. We should be able to find policy which might facilitate this via `sesearch`.

clones

USHIFT-1666 Add test which verifies that it's not possible to utilize the privilieges of another domain in order to do more than what's possible inside a restricted domain

Closed

links to

openshift/microshift#2486: [release-4.14] USHIFT-1755: Selinux domain transition test

Assignee:: Egli Hila

Reporter:: Jeremy Peterson

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2023/10/12 2:59 PM

Updated:: 2023/12/04 4:11 PM

Resolved:: 2023/12/04 4:11 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates