Hey,
I am writing a policy for an app which runs via RH Ruby SCL. Unfortunately, the way SCL is designed is that it runs the following command: /bin/bash /var/tmp/sclIV6Zq0 which requires very unsecure SELinux rule to be added: corecmd_exec_shell(foreman_rails_t).
We need to either have native SELinux support in SCL, or a way to override the shell with our own binary. or any other good solution to the problem.
Thanks.
Hey,
I am writing a policy for an app which runs via RH Ruby SCL. Unfortunately, the way SCL is designed is that it runs the following command:
/bin/bash /var/tmp/sclIV6Zq0which requires very unsecure SELinux rule to be added:corecmd_exec_shell(foreman_rails_t).We need to either have native SELinux support in SCL, or a way to override the shell with our own binary. or any other good solution to the problem.
Thanks.