Bug #18019

[deployment][arvados-formula] selinux breaks many installation steps

Added by Javier BĂ©rtoli 2 months ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
Deployment
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Story points:
-

Description

Selinux enforces a series of restrictions on ports and paths that applications can bind or use.

In our setup, nginx needs to bind to many restricted ports, passenger needs to write into a restricted path (usually /usr/share/nginx/passenger_temp), etc.

All these fail when SELinux is enabled (ie, Centos-7 has selinux enabled by default).

The formula should:

  • allow to manage the selinux rules required for Arvados
  • allow to disable selinux
  • we should document the changes so any admin that wants to manage some other way can do it.

Also available in: Atom PDF