On 06/25/2013 12:51 PM, Matthew Woehlke wrote:
> On 2013-06-25 12:27, Stephen Gallagher wrote:
>> On 06/25/2013 12:24 PM, Matthew Woehlke wrote:
>>> On 2013-06-25 07:48, Stephen Gallagher wrote:
>>>> Yeah, my TODO list includes working up some SELinux rules for
>>>> ReviewBoard and getting rb-site to be capable of setting them up during
>>>> installation. It's a pretty big task and low on my priority list right
>>>> now, unfortunately.
>>>
>>> Heh. I'm running with SELinux enabled. I can probably dig up the
>>> relevant *compiled* rules if those are of any use. I think I deleted the
>>> 'source' files for them, however. (Yeah, bad decision in retrospect, but
>>> haven't gotten around to trying to recreate them.)
>>>
>>> I don't think there are actually very many (maybe four, but at least one
>>> is git specific; probably need additional rules for other VCS's).
>>
>> If you can figure out what they are, it would be a great start for me.
>>
>> I don't necessarily just need exception rules, though. We may want to
>> introduce new SELinux types for rules so we keep things constrained.
>> (Though since basically everything runs inside apache/mod_wsgi, we're
>> probably going to end up mostly using apache rules).
>
> By memory and file names... I had to grant httpd (don't recall if that
> was a user, process, context, ...) access to specific sockets for git,
> LDAP and postgres. (Unfortunately, all of those are to some degree
> specific to my setup, e.g. someone else might need none of those, but
> instead need to grant access to MySQL and SVN.)
>
> I can send you .pp files, but I'm not sure if those are useful to other
> than a running system, or even on another release of Fedora (I'm on 18,
> currently).
>
The compiled .pp files won't be useful, I'm afraid.
