Project

General

Profile

Bug #14437

remove apache_manage_sys_content from katello selinux permissions

Added by Chris Duryee over 3 years ago. Updated about 1 year ago.

Status:
New
Priority:
Normal
Assignee:
Category:
SElinux
Target version:
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

A previous patch updated katello-selinux to allow writing to /var/www/html/*. This is overly broad and should be constrained further, see https://github.com/Katello/katello-selinux/pull/13#issuecomment-204302997 for a more correct solution.

History

#1 Updated by Lukas Zapletal over 3 years ago

I need to correct my linked statement. That won't work because /var/www/pub is a symlink that has special treatment in SELinux.

I think katello or pulp should provide sensible default instead symlinked /var/www/pub/export. The real path could be used instead: /var/lib/pulp/published/export and then it will work just like that, without the patch that was pushed.

#2 Updated by Eric Helms over 3 years ago

  • Legacy Backlogs Release (now unused) set to 114

Also available in: Atom PDF