Ack'd as temporary way to solve a problem.
Cheers,
-francesco
On Mon, Apr 04, 2011 at 04:34:55PM -0400, Mohammed Morsi wrote:
right now nothing in configure requires selinux to be permissive before running, and thus selinux could still be enforcing, preventing the aeolus seed data from being created.
if any other components require selinux to be permissive, we should create policy exceptions for those operations and remove the selinux permissive bits
recipes/aeolus_recipe/manifests/conductor.pp | 2 +- recipes/apache/manifests/init.pp | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/recipes/aeolus_recipe/manifests/conductor.pp b/recipes/aeolus_recipe/manifests/conductor.pp index cd2934a..86c1210 100644 --- a/recipes/aeolus_recipe/manifests/conductor.pp +++ b/recipes/aeolus_recipe/manifests/conductor.pp @@ -265,7 +265,7 @@ define aeolus::conductor::login($user,$password){ -d commit=submit \ -c /tmp/aeolus-${user}.cookie", onlyif => "/usr/bin/test ! -f /tmp/aeolus-${user}.cookie || "" == "`curl -X GET http://localhost/conductor -b /tmp/aeolus-${user}.cookie -i --silent | grep 'HTTP/1.1 200'`"",
require => Service['aeolus-conductor']}
require => Service['aeolus-conductor', 'httpd']}}
define aeolus::conductor::logout($user){ diff --git a/recipes/apache/manifests/init.pp b/recipes/apache/manifests/init.pp index 80d8980..79f15f9 100644 --- a/recipes/apache/manifests/init.pp +++ b/recipes/apache/manifests/init.pp @@ -9,12 +9,17 @@ class apache { package { "mod_ssl": ensure => installed } }
- # if selinux is enabled and we want to use mod_proxy, we need todo this
- exec{'permit-http-networking':
command => '/usr/sbin/setsebool httpd_can_network_connect 1',logoutput => true }- service { "httpd": ensure => running,
require => Package["httpd"],
require => [Package["httpd"], Exec['permit-http-networking']],
- enable => true,
enable => true }
exec { "reload-apache":
-- 1.7.2.3
aeolus-devel mailing list aeolus-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/aeolus-devel