Actions
Issue #6998
closed
As an operator I want pulp3 to run with SELinux set to enforcing
Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
Installer - Moved to GitHub issues
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:
Description
As an operator I want pulp3 to run with SELinux set to enforcing.
In its current state pulp3 installs fine with SELInux enforced but fails to execute, because nginx is trying to connect to another network service (api and content - on port 24817 and port 24816).
While this is easily solved by the introduction of Unix Domain Socket in https://github.com/pulp/pulp_installer/pull/322 one may still want to use network services (if api is on another host) and hence the proper SELinux flag must be set.
Flag to enable: httpd_can_network_connect
This issue might be (in part) a duplicate of https://pulp.plan.io/issues/97 - Yet this issue seems to involve more parts.
Actions
.
Ensure pulp3 works in an SELinux enforced system
In its current state pulp3 installs fine with SELInux enforced but fails to execute, because nginx is trying to connect to another network service (api and content - on port 24817 and port 24816).
While this is easily solved by the introduction of Unix Domain Socket in https://github.com/pulp/pulp_installer/pull/322 one may still want to use network services (if api is on another host) and hence the proper SELinux flag must be set.
Flag to enable: httpd_can_network_connect
fixes #6998