On 08/21/2014 05:12 PM, Matthew Woehlke wrote:
> On 2014-08-21 16:53, Tyler Mace wrote:
>> I'm eager to get started with Review Board, but it's not working out of the
>> box. I have Fedora 20 installed, with RB 1.7.26 with httpd 2.4.10.
>> I can only work ReviewBoard if I turn off selinux, i.e. "setenforce off."
>> We cannot do this on production.
> This is similar to my setup, which is working, and *does* have SELinux
> in 'enforcing' mode. It was necessary for me to create some additional
> rules, however. Unfortunately, while I still have those rules installed,
> I don't have the files from which they were created, which as I
> understand are necessary to create them on other systems (or e.g. bundle
> with the .rpm). If you're willing to help work through these issues in
> order to get it working on your machine, and then contribute back the
> necessary files so that the rules can be set up automatically with the
> .rpm, I'm sure that would be greatly appreciated.
> You might also want to look at the audit2why and audit2allow commands.
> If you get it working, please don't make the mistake I made and delete
> the rule input files :-), but contribute them back.
> Stephen Gallagher (who usually reads this list, and is the Fedora
> packager for RB) may also be able to help out. However he seems to have
> a somewhat erratic schedule, so don't panic if he doesn't jump in right
Erratic doesn't begin to describe it :)
So, I've been meaning for about a year now to try to deal with the
SELinux situation. The problem is this: I can't make a general set of
SELinux policies work because Review Board sites don't have a fixed
location on disk (you can install a site to any path).
I've been meaning for a long time now to work on adding semanage support
into the actual 'rb-site install' command so that we can assign the
appropriate SELinux contexts to the installed site, but I haven't been
able to find the time to do so.
Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/
Sign up for Review Board hosting at RBCommons: https://rbcommons.com/
Happy user? Let us know at http://www.reviewboard.org/users/
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
For more options, visit https://groups.google.com/d/optout.