CR-2026-03-10 vault-backup SELinux Policy Module — Risk & Comms

Sign-Off

Role

Name

Date

Implementer

Evan

2026-03-10

Reviewer

N/A (self)

2026-03-10

Approver

N/A (emergency fix)

2026-03-10

Lessons Learned

What went well

Permissive domain approach captured all permissions in one pass
Policy module is surgical (only grants required permissions)
SELinux remained in enforcing mode throughout

What could be improved

Should document SELinux requirements when deploying new services
Add SELinux policy creation to VM provisioning checklist

Runbook Updates

Updated vault-backup.adoc with comprehensive SELinux section

Related

Incident: vault-backup SELinux Failure