Bug 889348 - Make SElinux setting for horizon persistent
Make SElinux setting for horizon persistent
Status: CLOSED DUPLICATE of bug 889224
Product: Red Hat OpenStack
Classification: Red Hat
Component: doc-Getting_Started_Guide (Show other bugs)
2.0 (Folsom)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Bruce Reeler
ecs-bugs
: Documentation, Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-12-20 16:34 EST by Bob Kukura
Modified: 2016-04-26 13:36 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-01-24 17:00:52 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Bob Kukura 2012-12-20 16:34:39 EST
Description of problem: 

Chapter 8 should say "sudo setsebool -P httpd_can_network_connect on" instead of "sudo setsebool httpd_can_network_connect on" so the setting persists after reboot.


Version-Release number of selected component (if applicable):


How reproducible: 100%


Steps to Reproduce:
1. follow guide, verify can log into horizon
2. reboot
3. try to login to horizon
  
Actual results: Can't login


Expected results: Can login


Additional info:
Comment 2 Perry Myers 2012-12-20 17:48:21 EST
@rkukura: Shouldn't we have a way of making this change via the RPM installation of a customized selinux policy for us vs. making this a manual step for the user to execute?
Comment 3 Bob Kukura 2012-12-21 08:40:25 EST
pmyers: If a customized policy could apply to just horizon, and not to other web content hosted by the same server, then that would make sense. But this boolean applies to all web content, so I don't think just installing the RPM should implicitly compromise the system's security. I'm wondering what the precedent is for other packages that install web content? Does just installing the RPM make the content available, like horizon does now, or is there generally an explicit configuration step to publish the content? Maybe we should provide a setup script to publish the content, configure httpd if needed, and set the boolean.
Comment 4 Stephen Gordon 2013-01-24 17:00:52 EST

*** This bug has been marked as a duplicate of bug 889224 ***

Note You need to log in before you can comment on or make changes to this bug.