Bug 761253

Summary: Compatibility with default SELinux policy for httpd
Product: [Community] PulpDist Reporter: Nick Coghlan <ncoghlan>
Component: z_otherAssignee: Nick Coghlan <ncoghlan>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: unspecified Docs Contact:
Priority: medium    
Version: unspecified   
Target Milestone: 0.1.0   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 761257 (view as bug list) Environment:
Last Closed: 2012-01-31 05:34:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Nick Coghlan 2011-12-07 22:16:22 UTC 
There are at least a couple of sub-issues here:

1. Tag everything appropriately with contexts in the RPM spec file
2. Avoid using /tmp for anything (see http://danwalsh.livejournal.com/11467.html)

The latter will require updating pulpdist.core.sync_trees to accept a configurable temp dir, then updating the Pulp plugins to use the conduit's working directory API to get an appropriate path.

(This issue may affect the web app as well, but it *definitely* affects the plugins, since they currently use /tmp for various working files)
Comment 1 Nick Coghlan 2011-12-07 22:26:52 UTC 
I split out the "don't use /tmp" problem to its own BZ entry: #761257

This issue is now just about setting contexts appropriately so that the plugins and the web application can be used with the default SELinux policy for httpd.
Comment 2 Nick Coghlan 2012-01-31 05:34:56 UTC 
This is done in 0.0.3. Note that any destination directories for sync operations will *also* need to have their SELinux contexts set correctly (the demo repositories handle this by targeting /var/www/pub subdirectories)