[SR-Users] Kamailio has unconfined processes
himabindu.garadareddy at gmail.com
Wed Aug 10 08:35:12 CEST 2022
Customer security scan returned unconfined services on Kamailio.
Unconfined processes run in unconfined domains

Rationale:
For unconfined processes, SELinux policy rules are applied, but policy
rules exist that allow processes running in unconfined domains almost
all access. Processes running in unconfined domains fall back to using
DAC rules exclusively. If an unconfined process is compromised, SELinux
does not prevent an attacker from gaining access to system resources and
data, but of course, DAC rules are still used. SELinux is a security
enhancement on top of DAC rules - it does not replace them.

Investigate any unconfined processes found during the audit action. They
may need to have an existing security context assigned to them or a
policy built for them.

Occasionally certain daemons such as backup or centralized management
software may require running unconfined. Any such software should be
carefully analyzed and documented before such an exception is made.

The command returned:

Is there any security context available to assign to Kamailio processes?
Can these services be run as confined services?
Please suggest a resolution. Thanks in advance.
Thanks & Regards,
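
An added example, not part of the original post: the audit quoted above looks for processes running in an unconfined domain, and the sketch below does that by filtering `ps -eZ` output on the type field of the SELinux label. The `unconfined_service_t` default, the function names and the sample process list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Input format is that of `ps -eZ`: LABEL PID TTY TIME CMD

# Constructed sample listing (not output from the poster's system).
sample_ps_output() {
cat <<'EOF'
LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t:s0         1 ?        00:00:03 systemd
system_u:system_r:sshd_t:s0-s0:c0.c1023 1044 ? 00:00:00 sshd
system_u:system_r:unconfined_service_t:s0 2210 ? 00:00:01 kamailio
system_u:system_r:unconfined_service_t:s0 2211 ? 00:00:00 kamailio
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 3050 pts/0 00:00:00 bash
EOF
}

# Print "PID CMD DOMAIN" for every process in the requested domain.
# A label is user:role:type:level, so the domain is the third
# colon-separated field; matching it exactly avoids false hits on
# users or roles that merely contain the word "unconfined".
# Assumption: the command name has no spaces, so it is the last field.
unconfined_procs() {
    awk -v want="${1:-unconfined_service_t}" '
        NR == 1 && $1 == "LABEL" { next }   # skip the ps header line
        {
            n = split($1, ctx, ":")
            if (n >= 3 && ctx[3] == want) print $2, $NF, ctx[3]
        }'
}

# Count matching processes per command name, one "CMD COUNT" per line.
unconfined_summary() {
    unconfined_procs "$@" |
        awk '{ c[$2]++ } END { for (k in c) print k, c[k] }' | sort
}

# On a live host: ps -eZ | unconfined_summary
sample_ps_output | unconfined_summary
```

An empty result from `ps -eZ | unconfined_procs` on a live host means no process is running in that domain.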