Hello all, Recently stage koji was having some issues and it turned out that the local storage had the wrong selinux fcontext since it's not an nfs mount as it is in production koji. I fixed it by hand for the time being just to test (with nirik's approval) and wanted to be sure and submit a patch to make it persistent.
One thing to note is that I haven't tested this since I don't currently have permissions to rbac-playbook and am not in sysadmin-main, but I have a relative level of confidence that it works.
Questions, comments, and snide remarks welcome. :)
-AdamM
diff --git a/roles/koji_hub/tasks/main.yml b/roles/koji_hub/tasks/main.yml index 3839564..0b5642f 100644 --- a/roles/koji_hub/tasks/main.yml +++ b/roles/koji_hub/tasks/main.yml @@ -206,6 +206,24 @@ tags: - koji_hub
+- name: check selinux default context for /mnt/fedora_koji in staging + command: matchpathcon /mnt/fedora_koji + register: mnt_fedora_koji_context + when: env == "staging" + always_run: yes + changed_when: "1 != 1" + tags: + - koji_hub + - selinux + +- name: /mnt/fedora_koji selinux file context + command: semanage fcontext -a -t httpd_sys_rw_content_t "/mnt/fedora_koji(/.*)?" + when: env == "staging" and + mnt_fedora_koji_context.stdout.find('httpd_sys_rw_content_t') == -1 + tags: + - koji_hub + - selinux + - name: set sebooleans so koji can talk to the db seboolean: name=httpd_can_network_connect_db state=true persistent=true tags:
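Review bot: the second added task ("/mnt/fedora_koji selinux file context") only records the rule with `semanage fcontext -a`; nothing in the hunk relabels what already exists under /mnt/fedora_koji, so on a staging host that was not fixed by hand the existing files keep their old type until something runs restorecon. Suggest a follow-up task, run only when the semanage task reports a change, that does `restorecon -R /mnt/fedora_koji`. A smaller style point in the first added task: `changed_when: "1 != 1"` would read more clearly as `changed_when: false`.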
On Tue, Apr 28, 2015 at 04:35:50PM -0500, Adam Miller wrote:
> Hello all, Recently stage koji was having some issues and it turned out that the local storage had the wrong selinux fcontext since it's not an nfs mount as it is in production koji. I fixed it by hand for the time being just to test (with nirik's approval) and wanted to be sure and submit a patch to make it persistent.
> One thing to note is that I haven't tested this since I don't currently have permissions to rbac-playbook and am not in sysadmin-main, but I have a relative level of confidence that it works.
+1 to merge it here. Even if there's something wrong with it, we can fix it as we go. Thanks!
On Wed, 29 Apr 2015 09:55:55 -0400 Ralph Bean rbean@redhat.com wrote:
> On Tue, Apr 28, 2015 at 04:35:50PM -0500, Adam Miller wrote:
> > Hello all, Recently stage koji was having some issues and it turned out that the local storage had the wrong selinux fcontext since it's not an nfs mount as it is in production koji. I fixed it by hand for the time being just to test (with nirik's approval) and wanted to be sure and submit a patch to make it persistent.
> > One thing to note is that I haven't tested this since I don't currently have permissions to rbac-playbook and am not in sysadmin-main, but I have a relative level of confidence that it works.
> +1 to merge it here. Even if there's something wrong with it, we can fix it as we go. Thanks!
Yep. Looks good. ;)
I applied it.
kevin
infrastructure@lists.fedoraproject.org