On Wed, Jul 29, 2015 at 11:57 AM <[email protected]> wrote:
> Maybe not as specific as it should be, but: > > > chcon -Rv --type=httpd_sys_content_t /var/www/ > semanage fcontext -a -t httpd_sys_rw_content_t "/var/www(/.*)?" > semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/ > codereview.iacc.dis.gov(/.*)?" > semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/ > codereview.iacc.dis.gov/data/(/.*)?" > semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/ > codereview.iacc.dis.gov/htdocs/media/ext(/.*)?" > semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/ > codereview.iacc.dis.gov/htdocs/static/ext(/.*)?" > restorecon -R -v /var/www/ > > > OK, so part of the problem is that you installed into the /var/www directory. I've been trying to get /var/lib/reviewboard/sites/<sitename> made into the standard location for these, because it's much easier to create rules. (The /var/www path is assumed to have everything be HTML content by the default SELinux policy). If we install into a known reviewboard-specific path, the default policy on the system can understand it and apply the right rules without manual input. (Basically, the problem is that /var/www has no known structure that we can write rules for; everything just gets the default website rules). Note also that with recent versions of reviewboard, doing 'rb-site install <sitename>' (without an absolute path) will default to /var/lib/reviewboard/sites/<sitename> on Fedora/RHEL for this reason.) > On Tuesday, June 25, 2013 at 11:27:06 AM UTC-5, Stephen Gallagher wrote: >> >> On 06/25/2013 12:24 PM, Matthew Woehlke wrote: >> > On 2013-06-25 07:48, Stephen Gallagher wrote: >> >> Yeah, my TODO list includes working up some SELinux rules for >> >> ReviewBoard and getting rb-site to be capable of setting them up >> during >> >> installation. It's a pretty big task and low on my priority list right >> >> now, unfortunately. >> > >> > Heh. I'm running with SELinux enabled. I can probably dig up the >> > relevant *compiled* rules if those are of any use. I think I deleted >> the >> > 'source' files for them, however. (Yeah, bad decision in retrospect, >> but >> > haven't gotten around to trying to recreate them.) >> > >> > I don't think there are actually very many (maybe four, but at least >> one >> > is git specific; probably need additional rules for other VCS's). >> > >> >> If you can figure out what they are, it would be a great start for me. >> >> I don't necessarily just need exception rules, though. We may want to >> introduce new SELinux types for rules so we keep things constrained. >> (Though since basically everything runs inside apache/mod_wsgi, we're >> probably going to end up mostly using apache rules). >> > -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "reviewboard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
