Allow various services read and write z90crypt device

zpytela commented 1 month ago

This permission is required on s390x systems with the Crypto Express adapter card. The z90crypt device driver acts as the interface to the PCI cryptography hardware and performs asynchronous encryption operations (RSA) as used during the SSL handshake.

In this commit, services executing the following executables were allowed the access:

/usr/bin/ssh-keygen
/usr/bin/systemctl
/usr/sbin/sm-notify
/usr/lib/systemd/systemd-executor
/usr/lib/systemd/systemd-hostnamed
/usr/lib/systemd/systemd-random-seed
/usr/lib/systemd/systemd-update-utmp
/usr/lib/systemd/systemd-user-sessions
/usr/lib/systemd/systemd-user-runtime-dir

Resolves: RHEL-33361

packit-as-a-service[bot] commented 1 month ago

Cockpit tests failed for commit cb18b425119b597c70df057633571654a13391a3. @martinpitt, @jelly, @mvollmer please check.

packit-as-a-service[bot] commented 1 month ago

Cockpit tests failed for commit fce3681d5b952c311e96adc1ab68b9eeeae7c2e9. @martinpitt, @jelly, @mvollmer please check.

fedora-selinux / selinux-policy

Allow various services read and write z90crypt device #2121