OSC / ondemand

Supercomputing. Seamlessly. Open, Interactive HPC Via the Web
https://openondemand.org/
MIT License

selinux patch for symlinks #3713

Open johrstrom opened 1 month ago

johrstrom commented 1 month ago

From discourse: https://discourse.openondemand.org/t/selinux-accessing-home-directory-issue/3664

Our selinux policy seems to need the ability to modify symlinks, which this discourse user provides the patch for. This ticket is to apply said patch.

hsmallbone commented 1 month ago

I think this is just accessing files through the gateway symlink suggested by the docs for developing apps? I have applied this patch but it doesn't seem to help persistently (i.e. every time I try again it will error out).

Also, more generally, the ood_pun_t context doesn't seem to be able to access user_home_t.

hsmallbone commented 2 days ago

I have just patched such that ood_pun_t can access user_home_t. We now have several selinux policies but I am not sure which of them are due to our unique position of login node being the same as compute node.