On 01/04/2013 04:30 AM, p...@talk21.com wrote:
Hi Stephen,
Another SELinux error I missed:
3) write to data directory
Occurs when user tries to login.
type=AVC msg=audit(1357290519.860:433): avc: denied { write } for pid=1666 comm="httpd" name="data" dev="dm-1" ino=1884 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
As with the ext directory, this was fixed using the suggestion from
SELinux troubleshooter:
$ ls -ldZ /var/www/reviewboard/data
drwxrwxr-x. apache pafee unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/reviewboard/data
$ sudo restorecon -v /var/www/reviewboard/data/
restorecon reset /var/www/reviewboard/data context unconfined_u:object_r:httpd_sys_content_t:s0->unconfined_u:object_r:httpd_sys_rw_content_t:s0
$ ls -ldZ /var/www/reviewboard/data
drwxrwxr-x. apache pafee unconfined_u:object_r:httpd_sys_rw_content_t:s0 /var/www/reviewboard/data
I think this will be corrected when we add the semanage support to rb-site.
Fixing the two write denials allows reviewboard to function normally.
Regarding memcached, in addition to the SELinux named_connect
restriction, the memcached package is not installed. It's not a
mandatory dependency of reviewboard, however the rb-site script does
configure it by default. Should memcached be required by the F18
reviewboard package?
This is basically intentional. On Fedora, we don't have the
Debian/Ubuntu concept of "Recommends:" packages. As a rule, we try to
install the minimal subset of packages that are needed in order to
operate. Since ReviewBoard *can* function without memcached installed on
the local system (it can either connect to a remote memcached server or
use a local file cache), it's not a hard dependency.
This policy is in place to keep the amount of cruft down on a particular
system especially if it's being installed somewhere with limited space
(such as a small VM).
I'm technically already bending this policy by installing the client
libraries for MySQL, PostgreSQL, SQLite and memcached alongside
ReviewBoard, but they're all very small and none of those are system
services that require their own configuration.
A couple of commands allowed reviewboard to make use of memcached. This
was verified by seeing the server cache stats present on the admin
dashboard.
$ sudo yum install memcached
$ sudo systemctl start memcached.service
Yes, this is the proper way to run memcached. Though as I said, it does
not need to run on the same machine as Review Board. For example, the
site we're running in the Fedora Infrastructure is connected to an
external memcached server (shared with multiple other web apps, but on
dedicated hardware).
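An added example, not part of the original thread or of Review Board: a short Python triage of AVC records like the one quoted above. It separates the labelling case seen here (httpd_t denied write on an object typed httpd_sys_content_t, which the thread fixed with restorecon) from other denials. The second sample record and all function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# First record is the denial quoted in the thread, rejoined onto one line;
# the second is constructed for contrast.
SAMPLE_LOG = [
    'type=AVC msg=audit(1357290519.860:433): avc: denied { write } for '
    'pid=1666 comm="httpd" name="data" dev="dm-1" ino=1884 '
    'scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir',
    'type=AVC msg=audit(1357290600.120:440): avc: denied { getattr } for '
    'pid=1702 comm="httpd" name="notes.txt" dev="dm-1" ino=2201 '
    'scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
]

HEADER = re.compile(r'type=AVC msg=audit\((\d+)\.\d+:(\d+)\): avc:\s+denied\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial, or None if the line is not one."""
    m = HEADER.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
    rec['perms'] = m.group(3).split()
    rec['serial'] = int(m.group(2))
    rec['time'] = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
    # An SELinux context is user:role:type:level; the type decides access.
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    return rec


def is_readonly_label_denial(rec):
    """True for the thread's case: httpd_t writing to read-only web content."""
    return (rec['source_type'] == 'httpd_t' and 'write' in rec['perms']
            and rec['target_type'] == 'httpd_sys_content_t')


def triage(lines):
    """Names of objects that need the httpd_sys_rw_content_t label."""
    records = [r for r in map(parse_avc, lines) if r]
    return sorted({r['name'] for r in records if is_readonly_label_denial(r)})


if __name__ == '__main__':
    print(triage(SAMPLE_LOG))
```

An AVC record carries only the object's name and inode, not its full path, so the directory to relabel still has to be located on disk before running restorecon on it.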