FIDO Device Onboard DB support is missing some SELinux Policies
The new 0.5.0 version of fdo-device-onboard-rs comes with preliminary database support as Tech Preview. However, some of the downstream releases don’t work properly as they are missing some needed SELinux policies:
(allow fdo_t etc_t (file (write)))
(allow fdo_t fdo_conf_t (file (append create rename setattr unlink write)))
(allow fdo_t fdo_var_lib_t (dir (add_name remove_name write)))
(allow fdo_t fdo_var_lib_t (file (create setattr unlink write)))
(allow fdo_t krb5_keytab_t (dir (search)))
(allow fdo_t postgresql_port_t (tcp_socket (name_connect)))
(allow fdo_t sssd_t (unix_stream_socket (connectto)))
(allow fdo_t sssd_var_run_t (sock_file (write)))
To install them, save the content above as local-fdo-db.cil and run the following commands:
[root@localhost:~]# dnf install -y policycoreutils
[root@localhost:~]# semodule -i local-fdo-db.cil
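
Before loading the module it helps to see exactly what it grants. The script below is an added example, not part of the original post or the FDO project: it flattens the rules above to one line each and lists those whose target type is not one of FDO's own `fdo_*` types. The function names are hypothetical, and the post's rules are embedded inline as sample input.

```shell
#!/bin/sh
# Added example: review what local-fdo-db.cil grants before loading it.

# Constructed input: the eight rules from the post, embedded so this runs offline.
write_sample_cil() {
cat <<'EOF'
(allow fdo_t etc_t (file (write)))
(allow fdo_t fdo_conf_t (file (append create rename setattr unlink write)))
(allow fdo_t fdo_var_lib_t (dir (add_name remove_name write)))
(allow fdo_t fdo_var_lib_t (file (create setattr unlink write)))
(allow fdo_t krb5_keytab_t (dir (search)))
(allow fdo_t postgresql_port_t (tcp_socket (name_connect)))
(allow fdo_t sssd_t (unix_stream_socket (connectto)))
(allow fdo_t sssd_var_run_t (sock_file (write)))
EOF
}

# Flatten each (allow SRC TGT (CLASS (PERMS...))) rule on stdin to
# "SRC TGT CLASS perm1,perm2,...". Lines that are not allow rules are skipped.
list_allow_rules() {
  awk '{ gsub(/[()]/, " ") }
       $1 == "allow" && NF >= 5 {
         perms = $5
         for (i = 6; i <= NF; i++) perms = perms "," $i
         print $2, $3, $4, perms
       }'
}

# Keep only rules whose target type is outside FDO's own fdo_* types.
external_targets() {
  list_allow_rules | awk '$2 !~ /^fdo_/'
}

# Use the real file when a path is given, otherwise the embedded sample.
read_cil() {
  if [ -n "${1:-}" ]; then cat "$1"; else write_sample_cil; fi
}

echo "All rules:"
read_cil "${1:-}" | list_allow_rules
echo "Rules reaching types outside fdo_*:"
read_cil "${1:-}" | external_targets
```

Pass the path to local-fdo-db.cil as the first argument to review the saved file instead of the embedded copy. After `semodule -i`, `semodule -l | grep local-fdo-db` confirms the module is loaded.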