SELinux Policies in CloudBlue Commerce

CloudBlue Commerce-specific policies apply SELinux domains and types to CloudBlue Commerce files, directories and processes, as shown in the table below.

| Domain | Permissions | Types | Permissions in other domains | Policy file location |
|---|---|---|---|---|
| pa_agent_t | all | pa_agent_* | all | /usr/share/selinux/packages/pa-agent/pa_agent.pp |
| pa_jboss_t | jboss directories in /usr/local/pem; jboss ports logs in /var/log/pa | pa_jboss_* | read/write: pa agent logs, tmp, tarballs; read: pa agent config files; connect/read: all ports, files, devices | /usr/local/pem/u/selinux/pa_jboss.pp |
| bm_t | all directories in /usr/local/bm; all directories in /usr/local/stellart; log files in /var/log/pa; BM ports | bm_* | read/write: pa agent logs; connect/read: all ports, sockets | /usr/local/bm/etc/selinux/bm.pp |
| httpd_t | The following permissions are added to existing httpd ones: connect to BM sockets, all ports, particular BM directories. Store directories are marked as httpd_t domains. | httpd_* | read: PA agent tarballs, domain SDK keys, SSL certificates, task logs; read/write/execute: http directories in Billing, as conf/html, conf/wnd, and so on; connect: stellart sockets | |

If SELinux is disabled or runs in permissive mode on a node, these policies have no effect on the system.
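
A node-side check for the caveat above, as an added example that is not part of the CloudBlue Commerce documentation. It assumes the loaded module names match the .pp file names in the table (pa_agent, pa_jboss, bm) and takes the output of `getenforce` and `semodule -l` as input; the function names and sample listings are constructed for illustration.

```shell
# Assumption: module names equal the .pp file basenames listed in the table.
EXPECTED_MODULES="pa_agent pa_jboss bm"

# missing_modules LISTING -> prints the expected modules absent from `semodule -l` output.
# Older semodule prints "name<TAB>version", newer prints only "name", so just
# the first field of each line is compared.
missing_modules() {
    local listing="$1" loaded m out=""
    loaded=$(printf '%s\n' "$listing" | awk '{print $1}')
    for m in $EXPECTED_MODULES; do
        printf '%s\n' "$loaded" | grep -qxF -- "$m" || out="$out $m"
    done
    printf '%s' "${out# }"
}

# policy_status MODE LISTING -> prints one status line; returns 0 only when
# SELinux is enforcing and every expected module is loaded.
policy_status() {
    local mode="$1" missing
    case "$mode" in
        Enforcing)  ;;
        Permissive) echo "INEFFECTIVE: permissive mode, denials are logged but not enforced"; return 1 ;;
        Disabled)   echo "INEFFECTIVE: SELinux is disabled"; return 1 ;;
        *)          echo "UNKNOWN: unexpected mode '$mode'"; return 2 ;;
    esac
    missing=$(missing_modules "$2")
    if [ -n "$missing" ]; then
        echo "INCOMPLETE: enforcing, but modules not loaded: $missing"
        return 1
    fi
    echo "OK: enforcing, all expected modules loaded"
}

# On a real node (semodule requires root):
#   policy_status "$(getenforce)" "$(semodule -l)"

# Constructed sample listings in the old (name + version) and new (name only) formats.
SAMPLE_OLD=$(printf 'bm\t1.0.0\npa_agent\t1.0.0\npa_jboss\t1.0.0')
SAMPLE_NEW=$(printf 'apache\npa_agent\nbm')
policy_status Enforcing "$SAMPLE_OLD" || true
policy_status Enforcing "$SAMPLE_NEW" || true
policy_status Permissive "$SAMPLE_OLD" || true
```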