Browse files

added an experimental "fix" for selinux problems

  • Loading branch information...
1 parent 3874652 commit ed26b9a3fd920785feb4880224f8fce1826d30d4 @lstein lstein committed Nov 5, 2008
Showing with 36 additions and 6 deletions.
  1. +12 −0 Build.PL
  2. +8 −6 README.fedora_and_selinux
  3. +16 −0 install_util/GBrowseInstall.pm
View
12 Build.PL
@@ -41,6 +41,18 @@ my $build = GBrowseInstall->new(
);
+if(-e '/proc/filesystems'
+ && `grep selinux /proc/filesystems`) {
+ print STDERR <<'END';
+**** WARNING *********************************************************
+You appear to have SELinux installed on this computer. This can
+interfere with GBrowse operation. Please read the file
+README.fedora_and_selinux in order to perform additional configuration
+operations that may be necessary to run on this computer.
+**********************************************************************
+END
+}
+
if ($build->have_c_compiler()) {
foreach ('CAlign.xs','CAlign.pm') {
copy("./libalign/$_" => "./lib/Bio/Graphics/Browser/$_");
View
14 README.fedora_and_selinux
@@ -1,11 +1,13 @@
If you have SELinux installed, typically as part of Fedora Core 3 or
-4, then you may experinece difficulties getting GBrowse to work. The
-default security parameters for SELinux prevent GBrowse from
+higher, then you may experience difficulties getting GBrowse to work.
+
+The default security parameters for SELinux prevent GBrowse from
performing some fundamental tasks, including reading its configuration
-file in $CONF/gbrowse.conf (where $CONF is typically /etc/httpd/conf
-or /usr/local/apache/conf). While we are working the developers of
-SELinux to fix this, here are the directions for the current work
-around:
+file in $CONF/GBrowse.conf (where $CONF is typically /etc/httpd/conf
+or /usr/local/apache/conf). The symptom of the problem is that you
+will see "Permission denied" errors in your server error log.
+
+To fix the problem:
1. Make sure your security policy is up to date:
View
16 install_util/GBrowseInstall.pm
@@ -210,6 +210,7 @@ sub ACTION_install {
my ($uid,$gid) = (getpwnam($user))[2,3];
chown $uid,$gid,File::Spec->catfile($self->install_path->{htdocs}, 'tmp');
chown $uid,$gid,glob(File::Spec->catfile($self->install_path->{htdocs},'databases','').'*');
+ $self->fix_selinux;
print STDERR "\n***INSTALLATION COMPLETE***\n";
print STDERR "Now run ./Build apache_conf to generate the needed configuration lines for Apache.\n";
@@ -220,6 +221,21 @@ sub ACTION_install_slave {
$self->SUPER::ACTION_install();
}
+sub fix_selinux {
+ my $self = shift;
+ return unless -e '/proc/filesystems';
+ my $f = IO::File->new('/proc/filesystems') or return;
+ next unless grep /selinux/i,<$f>;
+
+ print STDERR "\n*** SELinux detected -- fixing permissions ***\n";
+
+ my $htdocs = $self->config_data('htdocs');
+ my $conf = $self->config_data('conf');
+ system "/usr/bin/chcon -R -t httpd_sys_content_t $conf";
+ system "/usr/bin/chcon -R -t httpd_sys_content_t $htdocs";
+ system "/usr/bin/chcon -R -t httpd_sys_content_rw_t $htdocs/tmp";
+}
+
sub process_conf_files {
my $self = shift;
my $f = IO::File->new('MANIFEST');

0 comments on commit ed26b9a

Please sign in to comment.