Project

General

Profile

Actions
Copy link

Bug #14437

open

remove apache_manage_sys_content from katello selinux permissions

Added by Chris Duryee about 8 years ago. Updated almost 6 years ago.

Status:
New
Priority:
Normal
Assignee:
Chris Duryee
Category:
SElinux
Target version:
Katello Backlog
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

A previous patch updated katello-selinux to allow writing to /var/www/html/*. This is overly broad and should be constrained further, see https://github.com/Katello/katello-selinux/pull/13#issuecomment-204302997 for a more correct solution.

Actions
Copy link
 #1

Updated by Lukas Zapletal about 8 years ago

I need to correct my linked statement. That won't work because /var/www/pub is a symlink that has special treatment in SELinux.

I think katello or pulp should provide sensible default instead symlinked /var/www/pub/export. The real path could be used instead: /var/lib/pulp/published/export and then it will work just like that, without the patch that was pushed.

Actions
Copy link
 #2

Updated by Eric Helms about 8 years ago

  • translation missing: en.field_release set to 114
Actions
Copy link

Also available in: Atom PDF