EDR cbdaemon Runs as an Unconfined Service is Expected Behavior
Article ID: 291527
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Cbdaemon shows running as an unconfined service after enabling SELinux. Is this expected behavior?
Environment
- EDR (Formerly CB Response) sensor: All Supported Versions
- RHEL/CentOS: 7.x, 8.x , 9.x
- SELinux enabled
Resolution
This is expected behavior and will continue to work with SELinux.
Additional Information
- Running the following command will list the cbdaemon
ps -eZ | grep "unconfined_service_t"
- SELinux further protects the cbdaemon service.
Feedback
Yes
No
Powered by
