Project

Profile

Help

Actions
Send by e-mail Copy link

Issue #6998

closed

As an operator I want pulp3 to run with SELinux set to enforcing

Added by spredzy over 4 years ago. Updated over 4 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
spredzy
Category:
Installer - Moved to GitHub issues
Sprint/Milestone:
3.5.0
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

As an operator I want pulp3 to run with SELinux set to enforcing.

In its current state pulp3 installs fine with SELInux enforced but fails to execute, because nginx is trying to connect to another network service (api and content - on port 24817 and port 24816).

While this is easily solved by the introduction of Unix Domain Socket in https://github.com/pulp/pulp_installer/pull/322 one may still want to use network services (if api is on another host) and hence the proper SELinux flag must be set.

Flag to enable: httpd_can_network_connect

This issue might be (in part) a duplicate of https://pulp.plan.io/issues/97 - Yet this issue seems to involve more parts.

Actions
Copy link
 #1

Updated by pulpbot over 4 years ago

  • Status changed from NEW to POST

Added by spredzy over 4 years ago

Revision 59dd134c | View on GitHub

Ensure pulp3 works in an SELinux enforced system

In its current state pulp3 installs fine with SELInux enforced but fails to execute, because nginx is trying to connect to another network service (api and content - on port 24817 and port 24816).

While this is easily solved by the introduction of Unix Domain Socket in https://github.com/pulp/pulp_installer/pull/322 one may still want to use network services (if api is on another host) and hence the proper SELinux flag must be set.

Flag to enable: httpd_can_network_connect

fixes #6998

Added by spredzy over 4 years ago

Revision 59dd134c | View on GitHub

Ensure pulp3 works in an SELinux enforced system

In its current state pulp3 installs fine with SELInux enforced but fails to execute, because nginx is trying to connect to another network service (api and content - on port 24817 and port 24816).

While this is easily solved by the introduction of Unix Domain Socket in https://github.com/pulp/pulp_installer/pull/322 one may still want to use network services (if api is on another host) and hence the proper SELinux flag must be set.

Flag to enable: httpd_can_network_connect

fixes #6998

Actions
Copy link
 #2

Updated by spredzy over 4 years ago

  • Status changed from POST to MODIFIED
Actions
Copy link
 #4

Updated by fao89 over 4 years ago

  • Sprint/Milestone set to 3.5.0
Actions
Copy link
 #5

Updated by fao89 over 4 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE
Actions
Send by e-mail Copy link

Also available in: Atom PDF