
Commit d6a120d

Moved standard library paths and inventory bundles from common to agent type to simplify SELinux policy
This should simplify SELinux policy where we want the agent to have broad access but other components like serverd, execd, hub to have more limited access. The paths bundle checks for the existence of many commands and this operation can cause SELinux AVCs. The inventory bundle uses the curl command to see if the host is an AWS instance and if so collects some inventory from a well-known API/IP. As far as I can tell there isn't a need for the vars/classes defined in paths and inventory in components other than agent so this change should be OK.

Ticket: ENT-12954
Changelog: title
1 parent 2cb3f4d commit d6a120d

2 files changed

+3
-3
lines changed

inventory/any.cf

Lines changed: 2 additions & 2 deletions
@@ -1,4 +1,4 @@
1-
bundle common inventory_any
1+
bundle agent inventory_any
22
# @brief Do inventory for any OS
33
#
44
# This common bundle is for any OS work not handled by specific
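Review bot: The unchanged doc comment at new line 4 still reads "This common bundle is for any OS work not handled by specific", which no longer matches the declaration on line 1 now that it is `bundle agent inventory_any`. Please update the wording to say agent bundle in the same commit, so the header does not mislead readers about which components evaluate the bundle and how its classes are scoped.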
@@ -593,7 +593,7 @@ bundle agent cfe_autorun_inventory_cpuinfo
593593
"$(const.t) CPU physical cores: $(cpuinfo_physical_cores)";
594594
}
595595

596-
bundle common cfe_autorun_inventory_aws
596+
bundle agent cfe_autorun_inventory_aws
597597
# @brief inventory AWS EC2 instances
598598
#
599599
# Provides:
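Review bot: At new line 596, switching cfe_autorun_inventory_aws from common to agent changes the default scope of any classes it defines from global to bundle-local, so items documented under the "# Provides:" header may stop being visible to other bundles. Please confirm that each provided class is either consumed only inside this bundle or is declared with scope => "namespace", and trim the Provides list if anything is no longer exported. The commit message's "as far as I can tell" should be backed by a search for consumers of these classes and variables before merge.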

lib/paths.cf

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
# Paths bundle (used by other bodies)
22

3-
bundle common paths
3+
bundle agent paths
44
# @brief Defines an array `path` with common paths to standard binaries and
55
# directories as well as classes for defined and existing paths.
66
#
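Review bot: At new line 3, paths becomes an agent bundle while the header at line 1 still says "used by other bodies" and lines 4-5 document "classes for defined and existing paths". A common bundle is evaluated automatically by every component, whereas an agent bundle only runs when it is in the bundlesequence or called as a method, and its classes are bundle-local by default; this commit changes only the bundle type keyword (3 lines across 2 files) and adds no activation. Please confirm that paths is activated before any body or bundle that dereferences the path array, and that policy evaluated by serverd, execd and hub has no remaining references to it.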
