Issue #1560
closed
Docs missing on selinux requirements to import from file:/// path
Description
A user recently tried to import content from an area of the file system outside of /tmp and /var/lib/pulp/. Because of its location in the filesystem, it received an selinux label that Pulp workers were denied read access from.
I propose a docs note be added indicating that the httpd_sys_r_content_t or pulp_tmp_t would be good choices of selinux labels. Note: if you choose httpd_sys_r_content_t then the webserver can also read the files so that may or may not be good. I propose we present both options to the user.
We should not document how to apply the label but which label is suggested to use.
Related issues
Updated by bmbouter over 7 years ago
- Has duplicate Issue #2061: [Errno 13] Permission denied when using symlink to a different partition added
Updated by daviddavis over 5 years ago
Just wanted to bump this issue since a user ran into this problem and I wanted to point him to some docs about how to configure selinux to allow syncs from local file repos.
Updated by bmbouter about 5 years ago
- Status changed from NEW to CLOSED - WONTFIX
Updated by bmbouter about 5 years ago
Pulp 2 is approaching maintenance mode, and this Pulp 2 ticket is not being actively worked on. As such, it is being closed as WONTFIX. Pulp 2 is still accepting contributions though, so if you want to contribute a fix for this ticket, please reopen or comment on it. If you don't have permissions to reopen this ticket, or you want to discuss an issue, please reach out via the developer mailing list.
.