Bug 889348

Summary: Make SELinux setting for horizon persistent
Product: Red Hat OpenStack
Reporter: Bob Kukura <rkukura>
Component: doc-Getting_Started_Guide
Assignee: Bruce Reeler <breeler>
Status: CLOSED DUPLICATE
QA Contact: ecs-bugs
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 2.0 (Folsom)
CC: breeler, lpeer, r.landmann, sgordon
Target Milestone: ---
Keywords: Documentation, Triaged
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-01-24 17:00:52 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:

Description Bob Kukura 2012-12-20 16:34:39 EST
Description of problem: 

Chapter 8 should say "sudo setsebool -P httpd_can_network_connect on" instead of "sudo setsebool httpd_can_network_connect on" so the setting persists after reboot.


Version-Release number of selected component (if applicable):


How reproducible: 100%


Steps to Reproduce:
1. follow guide, verify can log into horizon
2. reboot
3. try to login to horizon
  
Actual results: Can't login


Expected results: Can login


Additional info:

Comment 2 Perry Myers 2012-12-20 17:48:21 EST
@rkukura: Shouldn't we have a way of making this change via the RPM installation of a customized selinux policy for us vs. making this a manual step for the user to execute?

Comment 3 Bob Kukura 2012-12-21 08:40:25 EST
pmyers: If a customized policy could apply to just horizon, and not to other web content hosted by the same server, then that would make sense. But this boolean applies to all web content, so I don't think just installing the RPM should implicitly compromise the system's security. I'm wondering what the precedent is for other packages that install web content? Does just installing the RPM make the content available, like horizon does now, or is there generally an explicit configuration step to publish the content? Maybe we should provide a setup script to publish the content, configure httpd if needed, and set the boolean.

Comment 4 Stephen Gordon 2013-01-24 17:00:52 EST

*** This bug has been marked as a duplicate of bug 889224 ***
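
Added example, not part of the bug report or the guide: a shell check that finds SELinux booleans whose runtime state differs from the persistent state, which is the condition left behind by `setsebool` without `-P`. It assumes the `semanage boolean -l` layout of `name (current , default) description`; the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# List SELinux booleans whose runtime value will not survive a reboot.
# Input: lines in the layout printed by `semanage boolean -l`, where the
# parenthesised pair is (current runtime state , persistent default).

nonpersistent_booleans() {
    # Reads boolean listing lines on stdin and prints one line per mismatch:
    #   <name> runtime=<on|off> persistent=<on|off>
    awk '
      match($0, /\([ \t]*(on|off)[ \t]*,[ \t]*(on|off)[ \t]*\)/) {
          pair = substr($0, RSTART + 1, RLENGTH - 2)   # text inside ( )
          gsub(/[ \t]/, "", pair)                      # "on,off"
          split(pair, v, ",")
          if (v[1] != v[2])
              print $1, "runtime=" v[1], "persistent=" v[2]
      }'
}

# Constructed sample listing: the first boolean is in the state produced by
# "setsebool httpd_can_network_connect on" (no -P); the others are consistent.
SAMPLE='SELinux boolean                State  Default Description

httpd_can_network_connect      (on   ,  off)  sample description
httpd_enable_cgi               (on   ,   on)  sample description
httpd_can_sendmail             (off  ,  off)  sample description'

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE" | nonpersistent_booleans

# On a live host (requires root and policycoreutils):
#   semanage boolean -l | nonpersistent_booleans
# An empty result means every runtime value matches what a reboot will restore.
```

Because `httpd_can_network_connect` covers all content served by httpd, as comment 3 notes, a mismatch reported here is worth reviewing before making it permanent with `-P`.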