https://pulp.plan.io/https://pulp.plan.io/favicon.ico2020-06-24T15:27:44ZPulpPulp - Issue #7041: Make disabling SELinux optionalhttps://pulp.plan.io/issues/7041?journal_id=587152020-06-24T15:27:44Zchouseknecht
<ul></ul><p>This is also breaking <a href="https://github.com/ansible/galaxy_ng/wiki/End-User-Installation" class="external">the galaxy_ng end-user install.</a></p>
<p>Specific log message from /var/log/messages...</p>
<pre><code>SELinux is preventing gunicorn from using the nnp_transition access on a process. For complete SELinux messages run: sealert -l 349b4598-4659-4e35-a82f-191239aa17d2
</code></pre> Pulp - Issue #7041: Make disabling SELinux optionalhttps://pulp.plan.io/issues/7041?journal_id=587162020-06-24T15:50:59Zpulpbot
<ul><li><strong>Status</strong> changed from <i>NEW</i> to <i>POST</i></li></ul><p>PR: <a href="https://github.com/pulp/pulp_installer/pull/346" class="external">https://github.com/pulp/pulp_installer/pull/346</a></p> Pulp - Issue #7041: Make disabling SELinux optionalhttps://pulp.plan.io/issues/7041?journal_id=587172020-06-24T15:57:33Zdkliban@redhat.com
<ul></ul><p>It is not the responsibility of the installer to disable SELinux. The user should make that decision (in their playbook). The installer used to disable SELinux because there was no policy available. Now that a policy is available, we will improve the installer by having it compile and install the SELinux policy[0].</p>
<p>[0] <a href="https://pulp.plan.io/issues/7043" class="external">https://pulp.plan.io/issues/7043</a></p> Pulp - Issue #7041: Make disabling SELinux optionalhttps://pulp.plan.io/issues/7041?journal_id=587212020-06-24T17:00:52Zchouseknecht
<ul></ul><p>I don't disagree that SELinux should be enforcing, in an ideal world. Sometimes the world is not ideal, and in such cases it would be nice if the installer provided a simple knob. This makes it much less of a headache for upstream projects like galaxy_ng to document any known exceptions where it might desirable to disable SELinux.</p> Pulp - Issue #7041: Make disabling SELinux optionalhttps://pulp.plan.io/issues/7041?journal_id=589632020-07-01T14:14:53Zdkliban@redhat.com
<ul><li><strong>Status</strong> changed from <i>POST</i> to <i>CLOSED - WONTFIX</i></li></ul><p>The installer now sets SELinux to permissive. Once we add SELinux policy to the installer, the installer will not do anything to SELinux.</p>