[airavata] branch develop updated: Re-enable SELinux, enable httpd_execmem

Wed, 10 Apr 2019 07:40:56 -0700 

This is an automated email from the ASF dual-hosted git repository.

machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata.git


The following commit(s) were added to refs/heads/develop by this push:
     new 842b767  Re-enable SELinux, enable httpd_execmem
842b767 is described below

commit 842b767cf3926cc725c95d06094339c5901b2a7b
Author: Marcus Christie <[email protected]>
AuthorDate: Wed Apr 10 10:39:16 2019 -0400

    Re-enable SELinux, enable httpd_execmem
---
 dev-tools/ansible/roles/django/tasks/main.yml | 10 ++++++++--
 dev-tools/ansible/roles/httpd/tasks/main.yml  |  3 +--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/dev-tools/ansible/roles/django/tasks/main.yml 
b/dev-tools/ansible/roles/django/tasks/main.yml
index ce460cb..b031ce0 100644
--- a/dev-tools/ansible/roles/django/tasks/main.yml
+++ b/dev-tools/ansible/roles/django/tasks/main.yml
@@ -46,11 +46,11 @@
 
 - name: Install additional dependencies
   pip:
-    name: "{{ airavata_django_extra_dependencies }}"
+    name: "{{ item }}"
     virtualenv: "{{ django_venv_dir }}"
   become: yes
   become_user: "{{user}}"
-  when: airavata_django_extra_dependencies | length > 0
+  with_list: "{{ airavata_django_extra_dependencies }}"
 
 - name: Copy the settings_local.py file
   template: src={{ django_settings_local_template }} dest="{{ 
airavata_django_checkout }}/django_airavata/settings_local.py" owner="{{user}}" 
group="{{group}}"
@@ -121,6 +121,12 @@
     - restart httpd
   when: ansible_os_family == "RedHat"
 
+- name: Allow Django code to execute Java code (Pyjnius, see 
https://github.com/SciGaP/simccs-maptool)
+  seboolean:
+    name: httpd_execmem
+    state: yes
+    persistent: yes
+
 - name: run restorecon on those directories
   command: restorecon -F -R {{ doc_root_dir }}
   become: yes
diff --git a/dev-tools/ansible/roles/httpd/tasks/main.yml 
b/dev-tools/ansible/roles/httpd/tasks/main.yml
index e8f2ec7..469c105 100644
--- a/dev-tools/ansible/roles/httpd/tasks/main.yml
+++ b/dev-tools/ansible/roles/httpd/tasks/main.yml
@@ -1,8 +1,7 @@
 
 # SELinux configuration
 - name: set selinux to enforcing
-# TODO: switch back to enforcing
-  selinux: state=permissive policy=targeted
+  selinux: state=enforcing policy=targeted
   become: yes
   when: ansible_os_family == "RedHat"

Reply via email to