Story #7043
Updated by mdepaulo@redhat.com about 4 years ago
## Overview
On Red Hat systems, Pulp installer needs to clone pulpcore-selinux repository[0], compile the policy inside of it, and install the policy, label all the ports used by pulp services[1].
[0] https://github.com/pulp/pulpcore-selinux
[1] https://github.com/pulp/pulpcore-selinux#labeling-pulpcore_port
## File Path Requirements/Details
The SELinux policy is built assuming default file paths. For example things like /var/lib/pulp, etc. Those defaults are in the policy's ".fc" file [here](https://github.com/pulp/pulpcore-selinux/blob/master/pulpcore.fc).
On producton systems when these paths are changed the compiled policy will need to generate a correct .fc file to use when compiling the policy.
On dev systems, a new .fc file will need to be generated as well for the dev environment.
## install-from-RPM mode requirements
Because /usr/bin/rq and /usr/bin/gunicorn are generic, this mode will require wrapper scripts like Katello creates. If we are to support this mode at all (usually policies are in a separate RPM package.)