#2372 SELinux: Audit changes to the SELinux label files
Closed: Fixed None Opened 7 years ago by jhrozek.

Currently the IPA backend writes out the login file containing the SELinux login string directly to /etc/selinux/targeted/logins. It might help to improve the audit trail if we used libsemanage instead.

After a bit more discussion, it was decided that we only need to audit that the file had changed at all, not who changed it.

The move to libsemanage is not viable, libsemanage doesn't have any facility to operate the flat files.

summary: SELinux: Use libsemanage instead of writing the SELinux file directly => SELinux: Audit changes to the SELinux label files

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.12.1
priority: major => minor

Fields changed

owner: somebody => mzidek

Mass-moving all tickets that didn't make 1.12.1 into 1.12.2

milestone: SSSD 1.12.1 => SSSD 1.12.2

Fields changed

patch: 0 => 1

We need to do a release as requested by downstream. Moving tickets that are not fixed already or very close to acking to 1.12.3

milestone: SSSD 1.12.2 => SSSD 1.12.3

mark: => 0
resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to mzidek
- Issue set to the milestone: SSSD 1.12.3

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3414

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.