Project

Profile

Help

Issue #6998

closed

As an operator I want pulp3 to run with SELinux set to enforcing

Added by spredzy almost 4 years ago. Updated over 3 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
Installer - Moved to GitHub issues
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

As an operator I want pulp3 to run with SELinux set to enforcing.

In its current state pulp3 installs fine with SELInux enforced but fails to execute, because nginx is trying to connect to another network service (api and content - on port 24817 and port 24816).

While this is easily solved by the introduction of Unix Domain Socket in https://github.com/pulp/pulp_installer/pull/322 one may still want to use network services (if api is on another host) and hence the proper SELinux flag must be set.

Flag to enable: httpd_can_network_connect

This issue might be (in part) a duplicate of https://pulp.plan.io/issues/97 - Yet this issue seems to involve more parts.

Actions #1

Updated by pulpbot almost 4 years ago

  • Status changed from NEW to POST

Added by spredzy almost 4 years ago

Revision 59dd134c | View on GitHub

Ensure pulp3 works in an SELinux enforced system

In its current state pulp3 installs fine with SELInux enforced but fails to execute, because nginx is trying to connect to another network service (api and content - on port 24817 and port 24816).

While this is easily solved by the introduction of Unix Domain Socket in https://github.com/pulp/pulp_installer/pull/322 one may still want to use network services (if api is on another host) and hence the proper SELinux flag must be set.

Flag to enable: httpd_can_network_connect

fixes #6998

Added by spredzy almost 4 years ago

Revision 59dd134c | View on GitHub

Ensure pulp3 works in an SELinux enforced system

In its current state pulp3 installs fine with SELInux enforced but fails to execute, because nginx is trying to connect to another network service (api and content - on port 24817 and port 24816).

While this is easily solved by the introduction of Unix Domain Socket in https://github.com/pulp/pulp_installer/pull/322 one may still want to use network services (if api is on another host) and hence the proper SELinux flag must be set.

Flag to enable: httpd_can_network_connect

fixes #6998

Actions #2

Updated by spredzy almost 4 years ago

  • Status changed from POST to MODIFIED
Actions #4

Updated by fao89 over 3 years ago

  • Sprint/Milestone set to 3.5.0
Actions #5

Updated by fao89 over 3 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Also available in: Atom PDF