Bug 761253 - Compatibility with default SELinux policy for httpd
Summary: Compatibility with default SELinux policy for httpd
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: PulpDist
Classification: Community
Component: z_other
Version: unspecified
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: 0.1.0
Assignee: Nick Coghlan
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-12-07 22:16 UTC by Nick Coghlan
Modified: 2012-02-02 03:59 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 761257 (view as bug list)
Environment:
Last Closed: 2012-01-31 05:34:56 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Nick Coghlan 2011-12-07 22:16:22 UTC 
There are at least a couple of sub-issues here:

1. Tag everything appropriately with contexts in the RPM spec file
2. Avoid using /tmp for anything (see http://danwalsh.livejournal.com/11467.html)

The latter will require updating pulpdist.core.sync_trees to accept a configurable temp dir, then updating the Pulp plugins to use the conduit's working directory API to get an appropriate path.

(This issue may affect the web app as well, but it *definitely* affects the plugins, since they currently use /tmp for various working files)
Comment 1 Nick Coghlan 2011-12-07 22:26:52 UTC 
I split out the "don't use /tmp" problem to its own BZ entry: #761257

This issue is now just about setting contexts appropriately so that the plugins and the web application can be used with the default SELinux policy for httpd.
Comment 2 Nick Coghlan 2012-01-31 05:34:56 UTC 
This is done in 0.0.3. Note that any destination directories for sync operations will *also* need to have their SELinux contexts set correctly (the demo repositories handle this by targeting /var/www/pub subdirectories)
Note You need to log in before you can comment on or make changes to this bug.