Project

General

Profile

Bug #35402

Installer - Bug #33956: serve assets directly via Apache, not via Puma/Rails

Allow apache to read /var/lib/foreman/public

Added by Evgeni Golov 3 months ago. Updated 1 day ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
General Foreman
Target version:
-

Associated revisions

Revision 70780594 (diff)
Added by Evgeni Golov 3 months ago

Fixes #35402 - label /var/lib/foreman/public httpd_sys_content_t

This allows Apache to read the static assets generated by Rails

Revision ea4ca655 (diff)
Added by Evgeni Golov 3 months ago

Fixes #35402 - allow apache to read /var/lib/foreman

This is needed to allow it to serve static assets which are deployed to
/var/lib/foreman/public

Revision 8b486b1c (diff)
Added by Evgeni Golov 3 months ago

Refs #35402 - allow Apache to read foreman_lib_t symlinks

History

#1 Updated by Evgeni Golov 3 months ago

  • Project changed from Installer to SELinux

#2 Updated by Evgeni Golov 3 months ago

type=AVC msg=audit(1661162910.716:3887): avc:  denied  { getattr } for  pid=49653 comm="httpd" path="/var/lib/foreman/public/webpack/bundle-f479bf58695b19127829.css" dev="vda1" ino=109226856 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1661162910.716:3888): avc:  denied  { read } for  pid=49653 comm="httpd" name="bundle-f479bf58695b19127829.css" dev="vda1" ino=109226856 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1661162910.716:3888): avc:  denied  { open } for  pid=49653 comm="httpd" path="/var/lib/foreman/public/webpack/bundle-f479bf58695b19127829.css" dev="vda1" ino=109226856 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1661162910.717:3889): avc:  denied  { map } for  pid=49653 comm="httpd" path="/var/lib/foreman/public/webpack/bundle-f479bf58695b19127829.css" dev="vda1" ino=109226856 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:foreman_lib_t:s0 tclass=file permissive=1

#3 Updated by The Foreman Bot 3 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman-selinux/pull/145 added

#4 Updated by The Foreman Bot 3 months ago

  • Fixed in Releases 3.5.0 added

#5 Updated by Evgeni Golov 3 months ago

  • Status changed from Ready For Testing to Closed

#6 Updated by The Foreman Bot 3 months ago

  • Pull request https://github.com/theforeman/foreman-selinux/pull/146 added

#7 Updated by The Foreman Bot 3 months ago

  • Pull request https://github.com/theforeman/foreman-selinux/pull/147 added

#8 Updated by Ewoud Kohl van Wijngaarden 1 day ago

  • Triaged changed from No to Yes
  • Category set to General Foreman

Also available in: Atom PDF