Arvados

Selinux enforces a series of restrictions on ports and paths that applications can bind or use.

In our setup, nginx needs to bind to many restricted ports, passenger needs to write into a restricted path (usually /usr/share/nginx/passenger_temp), etc.

All these fail when SELinux is enabled (ie, Centos-7 has selinux enabled by default).

The formula should:

• allow to manage the selinux rules required for Arvados
• allow to disable selinux
• we should document the changes so any admin that wants to manage some other way can do it.