Bug 752183

Summary: SElinux policy trickery with puppet-controlled, hosted installation
Product: [Retired] Pulp Reporter: Jordan OMara <jomara>
Component: z_otherAssignee: John Matthews <jmatthew>
Status: CLOSED CURRENTRELEASE QA Contact: Preethi Thomas <pthomas>
Severity: low Docs Contact:
Priority: unspecified    
Version: 1.0.0CC: athomas, jmatthew, skarmark
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-01-09 17:08:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Jordan OMara 2011-11-08 18:37:11 UTC 
I am installing/configuring pulp with puppet. Part of my installation replaces the standard repo location with a custom one that points to an NFS filer. This is configured after RPM installation by replacing the directory (/var/lib/pulp) with a symlink to the mount (/mnt/blahblah). SELinux doesn't like this and will not allow pulp to write to the directory. I cannot perform any repo-based operation as it causes pulp to fail. 

This is obviously not standard behavior but worth considering in the SELinux policy that ships with the RPM. Thanks!

Version-Release number of selected component (if applicable):
0.239
Comment 1 John Matthews 2011-12-12 20:28:07 UTC 
Pulps's SELinux policy has been re-written to work with httpd.
The below boolean can be set to allow NFS.

sudo setsebool httpd_use_nfs true

QE:
Test is to configure a NFS server and follow Jordan's instructions from the bz description.
Comment 2 Jeff Ortel 2011-12-15 20:18:19 UTC 
build: 0.255
Comment 3 Preethi Thomas 2012-11-06 15:21:55 UTC 
moving to verified
Comment 4 Preethi Thomas 2013-01-09 17:08:25 UTC 
Pulp v2.0 released