That's what lies in those "SELinux policies."
I think it's simple: Use SELinux to lock the filesystem (and other
stuff) up so no one can get in or go around. Then create specific
policies that allow, in this case, NiFi, access to its filesystem (like
//opt/nifi/current-nifi//) so that it can do work. Obviously, when you
install NiFi, things can get complicated like where do you want each
repository to live--you'll have to provide NiFi access to each place, no
longer a single filesystem.
This is handled by DevOps guys and not me (I just write custom
processors), but if you get real pointed, I can ask them better
questions they can answer.
Russ
On 3/8/24 15:04, Mike Thomsen wrote:
I think the admin told me that even a simple nifi.sh start won’t work.
Just won’t even start the script and it is marked executable. I was
wondering if there were any gotchas to getting a basic setup running.
Sent from my iPhone
On Mar 8, 2024, at 4:29 PM, Russell Bateman <r...@windofkeltia.com>
wrote:
We have run on CentOS with SELinux set to enforcing and have run
NiFi in that environment for probably 8 or 9 years now. We do install
some SELinux policies that allow NiFi to access the filesystem
underneath itself and not outside that filesystem.
What specifically are you asking?
On 3/8/24 14:04, Mike Thomsen wrote:
Does anyone have experience setting up NiFi w/ SELinux set to
"enforcing?"
