On 01/04/2013 04:30 AM, p...@talk21.com wrote:
Hi Stephen,

Another SELinux error I missed:

3) write to data directory
Occurs when user tries to login.
type=AVC msg=audit(1357290519.860:433): avc:  denied  { write } for
pid=1666 comm="httpd" name="data" dev="dm-1" ino=1884
tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir

As with the ext directory, this was fixed using the suggestion from
SELinux trouble shooter:

$ ls -ldZ /var/www/reviewboard/data
drwxrwxr-x. apache pafee unconfined_u:object_r:httpd_sys_content_t:s0
$ sudo restorecon -v /var/www/reviewboard/data/
restorecon reset /var/www/reviewboard/data context
$ ls -ldZ /var/www/reviewboard/data
drwxrwxr-x. apache pafee unconfined_u:object_r:httpd_sys_rw_content_t:s0

I think this will be corrected when we add the semanage support to rb-site.

Fixing the two write denials allows reviewboard to function normally.

Regarding memcached, in addition to the SELinux named_connect
restriction, the memcached package is not installed.  It's not a
mandatory dependency of reviewboard, however the rb-site script does
configure it by default.  Should memcached be required by the F18
reviewboard package?

This is basically intentional. On Fedora, we don't have the Debian/Ubuntu concept of "Recommends:" packages. As a rule, we try to install the minimal subset of packages that are needed in order to operate. Since ReviewBoard *can* function without memcached installed on the local system (it can either connect to a remote memcached server or use a local file cache), it's not a hard dependency.

This policy is in place to keep the amount of cruft down on a particular system especially if it's being installed somewhere with limited space (such as a small VM).

I'm technically already bending this policy by installing the client libraries for MySQL, PostgreSQL, SQLite and memcached alongside ReviewBoard, but they're all very small and none of those are system services that require their own configuration.

A couple of commands allowed reviewboard to make use of memcached.  This
was verified by seeing the server cache stats present on the admin
$ sudo yum install memcached
$ sudo systemctl start memcached.service

Yes, this is the proper way to run memcached. Though as I said, it does not need to run on the same machine as Review Board. For example, the site we're running in the Fedora Infrastructure is connected to an external memcached server (shared with multiple other web apps, but on dedicated hardware).

Want to help the Review Board project? Donate today at 
Happy user? Let us know at http://www.reviewboard.org/users/
To unsubscribe from this group, send email to 
For more options, visit this group at 

Reply via email to