Description of problem: https://github.com/pulp/pulp/blob/master/server/selinux/server/pulp-celery.te#L105 On the above line, only the ability to create symlinks is provided. It's probably necessary to add 'read getattr unlink' Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
The steps to reproduce this are the following: 1. Download the example puppet module that contains a symlink wget https://repos.fedorapeople.org/repos/pulp/pulp/demo_repos/puppet_symlink/examplecorp-mymodule-0.1.0.tar.gz 2. Create directory to publish to sudo mkdir -p /etc/puppet/myforges/fakeforge sudo chown -R apache:apache /etc/puppet/myforges 3. Create repo pulp-admin puppet repo create --repo-id=fakeforge 4. Upload the example module pulp-admin puppet repo uploads upload --file examplecorp-mymodule-0.1.0.tar.gz --repo-id fakeforge 5. Run the following script: from pulp.common import pic pic.connect() pic.POST('/v2/repositories/fakeforge/distributors/', {'distributor_type_id':'puppet_install_distributor', 'distributor_id':'puppet_tmp_install_distributor', 'auto_publish': False, 'distributor_config': {'install_path':'/etc/puppet/myforges/fakeforge'}}) pic.connect() pic.POST('/pulp/api/v2/repositories/fakeforge/actions/publish/', {'id': "puppet_tmp_install_distributor"}) 6. Run the above script again. The second time you run this script it fails cause it can't remove a symlink due to an SELinux permission problem.
https://github.com/pulp/pulp/pull/1647
I have also updated documentation for configuring pulp_puppet https://github.com/pulp/pulp_puppet/pull/163/
Updated the PR to be against 2.6-dev https://github.com/pulp/pulp/pull/1648 https://github.com/pulp/pulp_puppet/pull/164/
Moved to https://pulp.plan.io/issues/663