Red Hat Bugzilla – Bug 889348
Make SElinux setting for horizon persistent
Last modified: 2016-04-26 13:36:32 EDT
Description of problem:
Chapter 8 should say "sudo setsebool -P httpd_can_network_connect on" instead of "sudo setsebool httpd_can_network_connect on" so the setting persists after reboot.
Version-Release number of selected component (if applicable):
How reproducible: 100%
Steps to Reproduce:
1. follow guide, verify can log into horizon
3. try to login to horizon
Actual results: Can't login
Expected results: Can login
@rkukura: Shouldn't we have a way of making this change via the RPM installation of a customized selinux policy for us vs. making this a manual step for the user to execute?
pmyers: If a customized policy could apply to just horizon, and not to other web content hosted by the same server, then that would make sense. But this boolean applies to all web content, so I don't think just installing the RPM should implicitly compromise the system's security. I'm wondering what the precedent is for other packages that install web content? Does just installing the RPM make the content available, like horizon does now, or is there generally an explicit configuration step to publish the content? Maybe we should provide a setup script to publish the content, configure httpd if needed, and set the boolean.
*** This bug has been marked as a duplicate of bug 889224 ***