As a user, I have pulp_installer compile and install the pulpcore-selinux policy
On Red Hat systems, the Pulp installer needs to clone the pulpcore-selinux repository, compile the policy inside of it, install the policy, and label all the ports used by Pulp services.
File Path Requirements/Details
The SELinux policy is built assuming default file paths, for example /var/lib/pulp. Those defaults are in the policy's ".fc" file here.
On production systems, when these paths are changed, the compiled policy will need to generate a correct .fc file to use when compiling the policy.
On dev systems, a new .fc file will need to be generated as well for the dev environment.
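The .fc regeneration described above, sketched as an added example (not code from pulp_installer or pulpcore-selinux). The function names are hypothetical and the example_*_t types and sample entries are constructed; the new path is regex-escaped because .fc path specs are regular expressions.

```shell
#!/bin/sh
# Added example: rewrite the default path prefix in a file-contexts (.fc)
# file so the policy can be recompiled for a relocated directory.

# Escape regex metacharacters: .fc path specs are regular expressions, so an
# unescaped "." in a custom path would label more files than intended.
escape_fc_regex() {
    printf '%s' "$1" | sed 's/[].[\\*+?(){}|^$]/\\&/g'
}

# relocate_fc OLD NEW: read a .fc file on stdin, write the rewritten file to
# stdout. OLD is matched literally, exactly as it is spelled in the file.
relocate_fc() {
    FC_OLD=$1 FC_NEW=$(escape_fc_regex "$2") awk '
    {
        old = ENVIRON["FC_OLD"]; repl = ENVIRON["FC_NEW"]
        rest = substr($0, length(old) + 1)
        c = substr(rest, 1, 1)
        # Rewrite only when the prefix ends at a path boundary, so that
        # /var/lib/pulp does not also match /var/lib/pulpcore.
        if (index($0, old) == 1 &&
            (c == "" || c == "/" || c == "(" || c == " " || c == "\t"))
            $0 = repl rest
        print
    }'
}

# Constructed sample input; the type names are placeholders, not the
# types defined by the real policy.
sample_fc() {
    cat <<'EOF'
/var/lib/pulp(/.*)?  gen_context(system_u:object_r:example_var_lib_t,s0)
/var/lib/pulpcore(/.*)?  gen_context(system_u:object_r:example_other_t,s0)
/etc/pulp(/.*)?  gen_context(system_u:object_r:example_etc_t,s0)
EOF
}

# Demo: relocate /var/lib/pulp to a path that contains a regex metacharacter.
sample_fc | relocate_fc /var/lib/pulp /srv/pulp.data
```

The rewritten file replaces the default .fc before the policy is compiled; entries for other paths pass through unchanged.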
- Tags SELinux added
Current SELinux policy (pulp/pulpcore-selinux) is missing some rules
-> SELinux is preventing /usr/libexec/platform-python3.6 from read access on the file stat
kernel_getattr_proc(pulpcore_t)
kernel_search_proc(pulpcore_t)
kernel_list_proc(pulpcore_t)
kernel_getattr_proc_files(pulpcore_t)
kernel_read_proc_symlinks(pulpcore_t)
-> SELinux is preventing /usr/libexec/platform-python3.6 from search access on the directory krb5
optional_policy(`
    kerberos_use(pulpcore_t)
')
optional_policy(`
    kerberos_read_keytab(pulpcore_t)
')
corenet_tcp_connect_kerberos_password_port(pulpcore_t)
For some reason, anything under /var/run does not transition properly. I haven't found the reason why yet.