I'm attempting to use Elasticsearch on Centos but have some concerns over the unconfined java and controller services that Elasticsearch uses. With the system's initial blocking of unconfined services due to security concerns, Elasticsearch will not be able to work as java and controller will not be able to start up.
Does Elasticsearch requires that the java and controller be run on unconfined services or are there ways to run the services in a confined type and still allowing Elasticsearch to work?
Thanks
I meant that they run as unconfined processes. For example when running ps -eZ | grep unconfined_service_t it will flag out the 2 processes, java and controller that is used by elasticsearch.
Are you referring to something in SELinux here? That's the only reference I can see to what you are asking, which is why I was looking for clarification
Since unconfined services in SELinux is supposed to be able to do nearly anything, is there a security concern regarding having elasticsearch run java and controller as unconfined services?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
