bflad / chef-stash

Chef Cookbook for Atlassian Stash

Selinux prevents apache from connecting to tomcat #18

Open biddster opened 10 years ago

biddster commented 10 years ago

I'm performing a monolithic install of Stash on CentOS 6.4 x64. The cookbook works great, but once it's finished Apache is unable to connect to Tomcat.

I have to ssh to the stash server and issue:

$ sudo setsebool -P httpd_can_network_connect 1
$ sudo service httpd restart

No big deal to sort - but is there anything we can do in the cookbook?

I've checked the apache cookbook docs and they say that it's up to you to sort out selinux.

bflad commented 10 years ago

I'm open to adding in some additional support for selinux.

biddster commented 10 years ago

Something quick and dirty like this would probably suffice:

case node[:platform_family]
when 'rhel'
  # setsebool ships in policycoreutils; the getsebool used in the guard
  # comes from libselinux-utils, which is present on any SELinux-enabled box.
  package 'policycoreutils'

  # -P makes the boolean persistent across reboots. The guard keeps the
  # resource idempotent: it only fires while the boolean is still off.
  execute 'setsebool -P httpd_can_network_connect 1' do
    only_if "getsebool -a | grep -q 'httpd_can_network_connect --> off'"
  end
end
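The same guard as a stand-alone shell routine, added here as an example and not code from chef-stash or from this thread: the parsing of `getsebool -a` is separated from the privileged `setsebool` call so it can be checked against captured output, and a boolean that is absent from the policy is reported instead of being silently skipped. The sample output and the function names are constructed for the example. One caveat worth keeping in mind: `httpd_can_network_connect` lets httpd open outbound connections to any port; if the Tomcat port can be labelled with `semanage port` as an http port, the narrower `httpd_can_network_relay` boolean is the less permissive choice.

```shell
#!/bin/sh
# Added example, not code from chef-stash or from this thread: an idempotent
# shell equivalent of the proposed only_if guard. The parsing is kept apart
# from the privileged setsebool call so it can be exercised on captured output.

# Constructed sample of `getsebool -a` output (the real list is much longer).
SAMPLE_GETSEBOOL='httpd_can_network_connect --> off
httpd_can_network_relay --> on
httpd_enable_cgi --> on'

# sebool_needs_enable NAME OUTPUT
#   0: NAME is listed as off and should be enabled
#   1: NAME is already on
#   2: NAME does not appear in OUTPUT (typo, or a policy without that boolean)
sebool_needs_enable() {
    sne_name=$1
    sne_output=$2
    # getsebool prints one boolean per line as "<name> --> on|off".
    # Match the whole first field so httpd_can_network_connect does not
    # also match httpd_can_network_connect_db or a plain substring grep.
    sne_state=$(printf '%s\n' "$sne_output" |
        awk -v n="$sne_name" '$1 == n && $2 == "-->" { print $3 }')
    case $sne_state in
        off) return 0 ;;
        on)  return 1 ;;
        *)   return 2 ;;
    esac
}

# ensure_sebool_on NAME
# Persistently (-P) turns NAME on only if it is currently off, so repeated
# runs from a provisioner are harmless. Returns 1 for an unknown boolean.
ensure_sebool_on() {
    eso_name=$1
    if ! command -v getsebool >/dev/null 2>&1; then
        echo "getsebool not found (install libselinux-utils); skipping" >&2
        return 0
    fi
    eso_rc=0
    sebool_needs_enable "$eso_name" "$(getsebool -a)" || eso_rc=$?
    case $eso_rc in
        0) setsebool -P "$eso_name" 1 ;;
        1) ;;                                   # already on, nothing to do
        *) echo "unknown SELinux boolean: $eso_name" >&2; return 1 ;;
    esac
}

# Demo on the constructed sample; needs no SELinux tooling to run.
if sebool_needs_enable httpd_can_network_connect "$SAMPLE_GETSEBOOL"; then
    echo "httpd_can_network_connect is off; would run: setsebool -P httpd_can_network_connect 1"
fi
```

On a real host call `ensure_sebool_on httpd_can_network_connect` as root; it is a no-op when the boolean is already on, which is exactly the property the `only_if` guard in the recipe above is meant to give.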
bflad commented 10 years ago

Thanks for the details. I'll work on an implementation tomorrow.

bflad commented 10 years ago

Personally, I'd rather fix this the "right way" by having the Opscode apache/selinux cookbook handle the SELinux boolean handling. We'd then just add the appropriate default logic here. It looks like a boolean LWRP was sent in a pull request to the selinux cookbook way long ago, but got mixed up with restorecon changes that made it into Chef 11.6 and hence closed out without that functionality being added.

So. Let's resubmit a new issue to Opscode noting the lack of the boolean handling and get that in their (likely selinux) cookbook. Let me know if you want me to do this.

biddster commented 10 years ago

Thanks, I think we should both pile in on this one and see if we can push it through. I can't believe the entire world runs SELinux in permissive mode?

bflad commented 9 years ago

Resurrecting this old discussion. Has the Chef landscape changed here with respect to SELinux handling?