Details
-
New Feature
-
Status: Done
-
Medium
-
Resolution: Fixed
-
8.0.x
-
None
Description
What is it we are doing?
We have SELinux profiles in our source tree, and much of this is already maintained upstream in MySQL CE, but we don't currently perform automated testing as part of QA to verify that these profiles work correctly with Percona Server. We should develop the appropriate QA processes and begin maintenance of any changes required in the SELinux profiles as part of our patchset.
Why are we doing it?
SELinux is used by many large enterprises to assist in meeting security and compliance objectives. It should be as simple a matter as installing our software normally for them to use SELinux with PS.
Are there any restrictions on when this needs to be done?
This should be resolved in 5.7 if possible, but must be resolved for 8.0 before launch.
Are there any unanswered questions we have about this before it can be worked on?
Do the current profiles work in enforcing mode? Do we have any changes we need to make from upstream? Should we rebase our packaging on upstream to gain the simplified installation of SELinux profiles?
https://confluence.percona.com/display/PS/Certify+PS+for+SELinux+Support
Attachments
Issue Links
- relates to
-
PS-4813 Using flush_caches leads to SELinux denial errors
-
- Done
-
