On 08/21/2014 05:12 PM, Matthew Woehlke wrote: > On 2014-08-21 16:53, Tyler Mace wrote: >> I'm eager to get started with Review Board, but it's not working out of the >> box. I have Fedora 20 installed, with RB 1.7.26 with httpd 2.4.10. >> >> I can only work ReviewBoard if I turn off selinux, i.e. "setenforce off." >> We cannot do this on production. > > This is similar to my setup, which is working, and *does* have SELinux > in 'enforcing' mode. It was necessary for me to create some additional > rules, however. Unfortunately, while I still have those rules installed, > I don't have the files from which they were created, which as I > understand are necessary to create them on other systems (or e.g. bundle > with the .rpm). If you're willing to help work through these issues in > order to get it working on your machine, and then contribute back the > necessary files so that the rules can be set up automatically with the > .rpm, I'm sure that would be greatly appreciated. > > You might also want to look at the audit2why and audit2allow commands. > If you get it working, please don't make the mistake I made and delete > the rule input files :-), but contribute them back. > > Stephen Gallagher (who usually reads this list, and is the Fedora > packager for RB) may also be able to help out. However he seems to have > a somewhat erratic schedule, so don't panic if he doesn't jump in right > away. >
Erratic doesn't begin to describe it :) So, I've been meaning for about a year now to try to deal with the SELinux situation. The problem is this: I can't make a general set of SELinux policies work because Review Board sites don't have a fixed location on disk (you can install a site to any path). I've been meaning for a long time now to work on adding semanage support into the actual 'rb-site install' command so that we can assign the appropriate SELinux contexts to the installed site, but I haven't been able to find the time to do so. -- Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/ --- Sign up for Review Board hosting at RBCommons: https://rbcommons.com/ --- Happy user? Let us know at http://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "reviewboard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
