Actions
Issue #1560
closed
Docs missing on selinux requirements to import from file:/// path
Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Documentation, Easy Fix, Pulp 2, SELinux
Sprint:
Quarter:
Description
A user recently tried to import content from an area of the file system outside of /tmp and /var/lib/pulp/. Because of its location in the filesystem, it received an selinux label that Pulp workers were denied read access from.
I propose a docs note be added indicating that the httpd_sys_r_content_t or pulp_tmp_t would be good choices of selinux labels. Note: if you choose httpd_sys_r_content_t then the webserver can also read the files so that may or may not be good. I propose we present both options to the user.
We should not document how to apply the label but which label is suggested to use.
Related issues
Actions
.