#2372 SELinux: Audit changes to the SELinux label files
Closed: Fixed None by jhrozek. Opened 4 years ago by jhrozek.

Currently the IPA backend writes out the login file containing the SELinux login string directly to /etc/selinux/targeted/logins. It might help to improve the audit trail if we used libsemanage instead.


After a bit more discussion, it was decided that we only need to audit that the file had changed at all, not who changed it.

The move to libsemanage is not viable; libsemanage doesn't have any facility to operate on the flat files.

summary: SELinux: Use libsemanage instead of writing the SELinux file directly => SELinux: Audit changes to the SELinux label files

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.12.1
priority: major => minor

Fields changed

owner: somebody => mzidek

Mass-moving all tickets that didn't make 1.12.1 into 1.12.2

milestone: SSSD 1.12.1 => SSSD 1.12.2

Fields changed

patch: 0 => 1

We need to do a release as requested by downstream. Moving tickets that are not fixed already or very close to acking to 1.12.3

milestone: SSSD 1.12.2 => SSSD 1.12.3

mark: => 0
resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to mzidek
- Issue set to the milestone: SSSD 1.12.3

2 years ago
