Bug #14437: remove apache_manage_sys_content from katello selinux permissions - Katello - Foreman

Bug #14437

remove apache_manage_sys_content from katello selinux permissions

Added by Chris Duryee about 6 years ago. Updated almost 4 years ago.

Status:

New

Priority:

Normal

Assignee:

Chris Duryee

Category:

SElinux

Target version:

Katello Backlog

Difficulty:

Triaged:

Bugzilla link:

Pull request:

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

A previous patch updated katello-selinux to allow writing to /var/www/html/*. This is overly broad and should be constrained further, see https://github.com/Katello/katello-selinux/pull/13#issuecomment-204302997 for a more correct solution.

History

#1 Updated by Lukas Zapletal about 6 years ago

I need to correct my linked statement. That won't work because /var/www/pub is a symlink that has special treatment in SELinux.

I think katello or pulp should provide sensible default instead symlinked /var/www/pub/export. The real path could be used instead: /var/lib/pulp/published/export and then it will work just like that, without the patch that was pushed.

#2 Updated by Eric Helms about 6 years ago

Legacy Backlogs Release (now unused) set to 114

Also available in: Atom PDF

Project

General

Profile

Plugins » Katello

Issues

Custom queries

Bug #14437

remove apache_manage_sys_content from katello selinux permissions

History

#1 Updated by Lukas Zapletal about 6 years ago

#2 Updated by Eric Helms about 6 years ago