Project

Profile

Help

Story #7043

Updated by mdepaulo@redhat.com about 4 years ago

## Overview 

 On Red Hat systems, Pulp installer needs to clone pulpcore-selinux repository[0], compile the policy inside of it, and install the policy, label all the ports used by pulp services[1]. 

 [0] https://github.com/pulp/pulpcore-selinux 
 [1] https://github.com/pulp/pulpcore-selinux#labeling-pulpcore_port 

 ## File Path Requirements/Details 

 The SELinux policy is built assuming default file paths. For example things like /var/lib/pulp, etc. Those defaults are in the policy's ".fc" file [here](https://github.com/pulp/pulpcore-selinux/blob/master/pulpcore.fc). 

 On producton systems when these paths are changed the compiled policy will need to generate a correct .fc file to use when compiling the policy. 

 On dev systems, a new .fc file will need to be generated as well for the dev environment. 

 ## install-from-RPM mode requirements 

 Because /usr/bin/rq and /usr/bin/gunicorn are generic, this mode will require wrapper scripts like Katello creates. If we are to support this mode at all (usually policies are in a separate RPM package.)

Back