
Configure SELinux policy for Yubikeys on RedHat servers
Closed, Public

Authored by dereckson on Feb 18 2018, 14:21.
Tags
None
Referenced Files
F3795913: D1333.diff
Subscribers
None

Details

Summary

Fedora SELinux policy offers an exemption tunable to allow a TCP connection
to external servers. This change enables it for the bastion role.

Policy is defined in policy/modules/system/authlogin.te as follows:
corenet_tcp_connect_http_port(login_pgm)

References:

This configuration block is currently a no-op in production, as we don't have
any Fedora bastion currently (CentOS is used for Docker engines, but these
are not intended to get bastion role).

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dereckson created this revision.
dereckson retitled this revision from Configure SSHD SELinux policy for Yubikeys on RedHat servers to Configure SELinux policy for Yubikeys on RedHat servers. Feb 18 2018, 14:21
dereckson edited the summary of this revision.
This revision is now accepted and ready to land. Feb 18 2018, 14:22
This revision was automatically updated to reflect the committed changes.