Bug 752183 - SElinux policy trickery with puppet-controlled, hosted installation
Summary: SElinux policy trickery with puppet-controlled, hosted installation
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Pulp
Classification: Retired
Component: z_other
Version: 1.0.0
Hardware: x86_64
OS: Linux
unspecified
low
Target Milestone: ---
: ---
Assignee: John Matthews
QA Contact: Preethi Thomas
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-11-08 18:37 UTC by Jordan OMara
Modified: 2014-11-09 22:55 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-01-09 17:08:25 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Jordan OMara 2011-11-08 18:37:11 UTC 
I am installing/configuring pulp with puppet. Part of my installation replaces the standard repo location with a custom one that points to an NFS filer. This is configured after RPM installation by replacing the directory (/var/lib/pulp) with a symlink to the mount (/mnt/blahblah). SELinux doesn't like this and will not allow pulp to write to the directory. I cannot perform any repo-based operation as it causes pulp to fail. 

This is obviously not standard behavior but worth considering in the SELinux policy that ships with the RPM. Thanks!

Version-Release number of selected component (if applicable):
0.239
Comment 1 John Matthews 2011-12-12 20:28:07 UTC 
Pulps's SELinux policy has been re-written to work with httpd.
The below boolean can be set to allow NFS.

sudo setsebool httpd_use_nfs true

QE:
Test is to configure a NFS server and follow Jordan's instructions from the bz description.
Comment 2 Jeff Ortel 2011-12-15 20:18:19 UTC 
build: 0.255
Comment 3 Preethi Thomas 2012-11-06 15:21:55 UTC 
moving to verified
Comment 4 Preethi Thomas 2013-01-09 17:08:25 UTC 
Pulp v2.0 released
Note You need to log in before you can comment on or make changes to this bug.