On 08/21/2014 05:12 PM, Matthew Woehlke wrote:
> On 2014-08-21 16:53, Tyler Mace wrote:
>> I'm eager to get started with Review Board, but it's not working out of the 
>> box. I have Fedora 20 installed, with RB 1.7.26 with httpd 2.4.10.
>>
>> I can only work ReviewBoard if I turn off selinux, i.e. "setenforce off." 
>> We cannot do this on production.
> 
> This is similar to my setup, which is working, and *does* have SELinux
> in 'enforcing' mode. It was necessary for me to create some additional
> rules, however. Unfortunately, while I still have those rules installed,
> I don't have the files from which they were created, which as I
> understand are necessary to create them on other systems (or e.g. bundle
> with the .rpm). If you're willing to help work through these issues in
> order to get it working on your machine, and then contribute back the
> necessary files so that the rules can be set up automatically with the
> .rpm, I'm sure that would be greatly appreciated.
> 
> You might also want to look at the audit2why and audit2allow commands.
> If you get it working, please don't make the mistake I made and delete
> the rule input files :-), but contribute them back.
> 
> Stephen Gallagher (who usually reads this list, and is the Fedora
> packager for RB) may also be able to help out. However he seems to have
> a somewhat erratic schedule, so don't panic if he doesn't jump in right
> away.
> 

Erratic doesn't begin to describe it :)

So, I've been meaning for about a year now to try to deal with the
SELinux situation. The problem is this: I can't make a general set of
SELinux policies work because Review Board sites don't have a fixed
location on disk (you can install a site to any path).

I've been meaning for a long time now to work on adding semanage support
into the actual 'rb-site install' command so that we can assign the
appropriate SELinux contexts to the installed site, but I haven't been
able to find the time to do so.

-- 
Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/
---
Sign up for Review Board hosting at RBCommons: https://rbcommons.com/
---
Happy user? Let us know at http://www.reviewboard.org/users/
--- 
You received this message because you are subscribed to the Google Groups 
"reviewboard" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to