[PATCH][ansible] Set correct selinux fcontext for /mnt/fedora_koji for stage koji

Hello all,
    Recently stage koji was having some issues and it turned out that
the local storage had the wrong selinux fcontext since it's not an nfs
mount as it is in production koji. I fixed it by hand for the time
being just to test (with nirik's approval) and wanted to be sure and
submit a patch to make it persistent.

One thing to note is that I haven't tested this since I don't
currently have permissions to rbac-playbook and am not in
sysadmin-main, but I have a relative level of confidence that it
works.

Questions, comments, and snide remarks welcome. :)

-AdamM

diff --git a/roles/koji_hub/tasks/main.yml b/roles/koji_hub/tasks/main.yml
index 3839564..0b5642f 100644
--- a/roles/koji_hub/tasks/main.yml
+++ b/roles/koji_hub/tasks/main.yml
@@ -206,6 +206,24 @@
   tags:
   - koji_hub

+- name: check selinux default context for /mnt/fedora_koji in staging
+  command: matchpathcon /mnt/fedora_koji
+  register: mnt_fedora_koji_context
+  when: env == "staging"
+  always_run: yes
+  changed_when: "1 != 1"
+  tags:
+  - koji_hub
+  - selinux
+
+- name: /mnt/fedora_koji selinux file context
+  command: semanage fcontext -a -t httpd_sys_rw_content_t
"/mnt/fedora_koji(/.*)?"
+  when: env == "staging" and
+        mnt_fedora_koji_context.stdout.find('httpd_sys_rw_content_t') == -1
+  tags:
+  - koji_hub
+  - selinux
+
 - name: set sebooleans so koji can talk to the db
   seboolean: name=httpd_can_network_connect_db state=true persistent=true
   tags:
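
Review bot: The `semanage fcontext -a` task only records the labeling rule, and nothing in this hunk relabels files that already exist under /mnt/fedora_koji, so on a host that was not fixed by hand the tree keeps its old type. Add a follow-up task that runs `restorecon -R /mnt/fedora_koji` under the same `when:` condition as the semanage task. Also, the semanage command is split across two lines as mailed (the `"/mnt/fedora_koji(/.*)?"` argument sits on a line with no `+` prefix), so the patch will not apply as sent, and `changed_when: "1 != 1"` reads more clearly as `changed_when: false`.
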
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure




