apache / cloudstack

Apache CloudStack is an open source Infrastructure as a Service (IaaS) cloud computing platform
https://cloudstack.apache.org/
Apache License 2.0

CloudStack should support SELinux #7280

Open kiwiflyer opened 1 year ago

kiwiflyer commented 1 year ago
ISSUE TYPE

Improvement Request

COMPONENT NAME

Management Server and Agent

CLOUDSTACK VERSION

All versions

OS / ENVIRONMENT

All

SUMMARY

Server security is key to meeting compliance requirements. Most Linux distros have supported SELinux for well over a decade.

I'm putting this in for tracking purposes, as SELinux policy would need to be created to support ACS.

kiwiflyer commented 1 year ago

The docs still say that SELinux is not supported. Does anyone have any info as to whether these issues have been addressed? During some basic lab testing with enforcing enabled, I'm not seeing any denies in the audit logs. I tested this on an existing Alma 8 system, not on an install.

DaanHoogland commented 1 year ago

No idea, we'll have to try the install as well before changing the docs on this subject, I think. Volunteers for a clean 4.18 install?

rohityadavcloud commented 1 year ago

@kiwiflyer we kind of do, but much of the SELinux work requires operators/admins to define the rules. Here's an example of a te file for the cloud-agent pkg (cloudstack-agent that runs on KVM hosts): https://github.com/apache/cloudstack/blob/main/packaging/centos8/cloudstack-agent.te (of course this is highly limited, as you can see, but it serves as an example).

andrijapanicsb commented 8 months ago

Any testing done by whoever on this - do we have any new info? cc @kiwiflyer

andrijapanicsb commented 8 months ago

Let's bring this in, for 4.20? This would be a nice addition.