Closed cygnetix closed 5 years ago
PS: Awesome work on writing the role. It's saved me a heap of time! The install process for MISP is pretty long, but well worth the effort.
It seems the ansible module (https://docs.ansible.com/ansible/latest/modules/sefcontext_module.html) regexp matching is not really recursive in https://github.com/juju4/ansible-MISP/blob/devel2/tasks/selinux-context.yml. For now, I moved to a non-idempotent chcon command call. Please test and confirm it's ok.
sadly can't test this part in travis with ubuntu kernel as no selinux.
is this still an issue? Thanks
Hi Juju4,
I'd forgotten all about this.
I think I set the labels manually in the end, so didn't check - sorry. Certainly not an issue for me anymore and I can always reopen (or send a PR) if I find that it's not working in the future.
Thanks for such a prompt response and for all your awesome Ansible playbooks.
Using: CentOS Linux release 7.5.1804 (Core)
I'm getting the following after running a playbook to apply the role:
Running
ausearch -m avc -ts recent
show's it's an SELinux labelling issue andsetenforce 0
works around the problem:The SELinux label for this directory, and possibly sub-directories, should be set to something that
t_httpd
can write to as part of the Ansible role.Just adding a ticket now before I forget. I may find time to come back and fix it up with a PR but probably not any time soon.