On 01/04/2013 04:30 AM, p...@talk21.com wrote:
Hi Stephen,Another SELinux error I missed: 3) write to data directory Occurs when user tries to login. type=AVC msg=audit(1357290519.860:433): avc: denied { write } for pid=1666 comm="httpd" name="data" dev="dm-1" ino=1884 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir As with the ext directory, this was fixed using the suggestion from SELinux trouble shooter: $ ls -ldZ /var/www/reviewboard/data drwxrwxr-x. apache pafee unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/reviewboard/data $ sudo restorecon -v /var/www/reviewboard/data/ restorecon reset /var/www/reviewboard/data context unconfined_u:object_r:httpd_sys_content_t:s0->unconfined_u:object_r:httpd_sys_rw_content_t:s0 $ ls -ldZ /var/www/reviewboard/data drwxrwxr-x. apache pafee unconfined_u:object_r:httpd_sys_rw_content_t:s0 /var/www/reviewboard/data
I think this will be corrected when we add the semanage support to rb-site.
Fixing the two write denials allows reviewboard to function normally. Regarding memcached, in addition to the SELinux named_connect restriction, the memcached package is not installed. It's not a mandatory dependency of reviewboard, however the rb-site script does configure it by default. Should memcached be required by the F18 reviewboard package?
This is basically intentional. On Fedora, we don't have the Debian/Ubuntu concept of "Recommends:" packages. As a rule, we try to install the minimal subset of packages that are needed in order to operate. Since ReviewBoard *can* function without memcached installed on the local system (it can either connect to a remote memcached server or use a local file cache), it's not a hard dependency.
This policy is in place to keep the amount of cruft down on a particular system especially if it's being installed somewhere with limited space (such as a small VM).
I'm technically already bending this policy by installing the client libraries for MySQL, PostgreSQL, SQLite and memcached alongside ReviewBoard, but they're all very small and none of those are system services that require their own configuration.
A couple of commands allowed reviewboard to make use of memcached. This was verified by seeing the server cache stats present on the admin dashboard. $ sudo yum install memcached $ sudo systemctl start memcached.service
Yes, this is the proper way to run memcached. Though as I said, it does not need to run on the same machine as Review Board. For example, the site we're running in the Fedora Infrastructure is connected to an external memcached server (shared with multiple other web apps, but on dedicated hardware).
-- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~----------~----~----~----~------~----~------~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en
