search

pretix / pretix

Ticket shop application for conferences, festivals, concerts, tech events, shows, exhibitions, workshops, barcamps, etc.
https://pretix.eu
Other
1.88k stars 471 forks source link

Docker installation SElinux #4070

Closed gilbertf closed 4 months ago

gilbertf commented 7 months ago

Problem and impact

Installing pretix following https://docs.pretix.eu/en/latest/admin/installation/docker_smallscale.html failed on Fedora 39 with SElinux (default installtion) blocking access (permission denied) to /data and redis.sock.

This might likely apply to CentOs and Redhat as well.

Expected behaviour

  1. Update documentation (or add remark) to fix /data access problem by changing systemd pretix.service ExecStart entry from "-v /var/pretix-data:/data" to "-v /var/pretix-data:/data:z"

  2. Update documentation (or add remark) to update SElinux rules to accept redis.sock access: "grep 'redis.sock' /var/log/audit/audit.log | audit2allow -M redis-socket; semodule -i redis-socket.pp"

Steps to reproduce

No response

Screenshots

No response

Link

No response

Browser (software, desktop or mobile?) and version

No response

Operating system, dependency versions

No response

Version

No response

raphaelm commented 6 months ago

Update documentation (or add remark) to fix /data access problem by changing systemd pretix.service ExecStart entry from "-v /var/pretix-data:/data" to "-v /var/pretix-data:/data:z"

That appears to make sense.

Update documentation (or add remark) to update SElinux rules to accept redis.sock access: "grep 'redis.sock' /var/log/audit/audit.log | audit2allow -M redis-socket; semodule -i redis-socket.pp"

Is that really a best practice on how to do that? Sounds more like a curl|bash approach that I wouldn't want to recommend in public docs.