From 9f07c4f46650bf8b035e1a34e30e489e8af9d184 Mon Sep 17 00:00:00 2001
From: Matthieu CERDA
Date: Wed, 22 Apr 2015 19:57:25 +0200
Subject: [PATCH] Fixes #6517: Add initial SELinux support
---
 rudder-webapp/SPECS/rudder-webapp.spec | 13 +++++++++++++
 rudder-webapp/debian/postinst | 13 +++++++++++++
 2 files changed, 26 insertions(+)
diff --git a/rudder-webapp/SPECS/rudder-webapp.spec b/rudder-webapp/SPECS/rudder-webapp.spec
index 1af3682ff..80735c978 100644
--- a/rudder-webapp/SPECS/rudder-webapp.spec
+++ b/rudder-webapp/SPECS/rudder-webapp.spec
@@ -400,6 +400,19 @@ if [ ! -f /opt/rudder/etc/ssl/rudder-webapp.crt ] || [ ! -f /opt/rudder/etc/ssl/
 echo " Done"
 fi
+# SELinux support
+# Check "sestatus" presence, and if here, probe if SELinux
+# is enabled. If so, then tweak our installation to be
+# SELinux compliant
+if type sestatus >/dev/null 2>&1
+ if [ $(LANG=C sestatus | grep -cE "SELinux status:.*enabled") -ne 0 ]
+ then
+ # Adjust the inventory directories SELinux context
+ chcon -R --type=httpd_sys_content_t /var/rudder/inventories/incoming
+ chcon -R --type=httpd_sys_content_t /var/rudder/inventories/accepted-nodes-updates
+ fi
+fi
+
 echo -n "INFO: Starting Apache HTTPd..."
 service %{apache} start >/dev/null 2>&1
 echo " Done"
diff --git a/rudder-webapp/debian/postinst b/rudder-webapp/debian/postinst
index 820ffa54d..9527f76da 100644
--- a/rudder-webapp/debian/postinst
+++ b/rudder-webapp/debian/postinst
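Review bot: The outer `if type sestatus >/dev/null 2>&1` in the rudder-webapp.spec hunk has no `then`, so the shell reads the nested `if … fi` as part of the condition list and reports a syntax error at the closing `fi`; the debian/postinst hunk carries the same lines. Since this runs in a package post-install script, the parse error is likely to abort the scriptlet before Apache is started, rather than merely skipping the SELinux step. The fix is the missing keyword: `if type sestatus >/dev/null 2>&1; then`. Quoting the substitution (`[ "$(LANG=C sestatus | grep -cE '…')" -ne 0 ]`) would also keep the test well-formed if the pipeline ever prints nothing. The surrounding scriptlet starts and ends outside the hunk.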
@@ -89,6 +89,19 @@ case "$1" in
 echo " Done"
 fi
+ # SELinux support
+ # Check "sestatus" presence, and if here, probe if SELinux
+ # is enabled. If so, then tweak our installation to be
+ # SELinux compliant
+ if type sestatus >/dev/null 2>&1
+ if [ $(LANG=C sestatus | grep -cE "SELinux status:.*enabled") -ne 0 ]
+ then
+ # Adjust the inventory directories SELinux context
+ chcon -R --type=httpd_sys_content_t /var/rudder/inventories/incoming
+ chcon -R --type=httpd_sys_content_t /var/rudder/inventories/accepted-nodes-updates
+ fi
+ fi
+
 echo -n "INFO: Restarting Apache HTTPd..."
 /etc/init.d/apache2 restart >/dev/null 2>&1
 echo " Done"
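Review bot: The two `chcon -R --type=httpd_sys_content_t` calls only relabel the files in place and record nothing in the SELinux file-context database, so a later `restorecon` or filesystem relabel will likely reset both inventory directories to their default type; the rudder-webapp.spec hunk has the same calls. Registering the rule and then applying it makes the label durable: `semanage fcontext -a -t httpd_sys_content_t '/var/rudder/inventories/incoming(/.*)?'` followed by `restorecon -R /var/rudder/inventories/incoming`, and likewise for `accepted-nodes-updates`. `httpd_sys_content_t` is a read-only type for httpd, so if Apache is expected to write inventories into these directories (not visible in this patch) `httpd_sys_rw_content_t` would be the type to use. The enclosing `case "$1" in` block starts and ends outside the hunk.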