On Mon, Jun 16, 2014 at 12:19 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
I think your post install should look like.
On 06/12/2014 10:14 AM, Richard Shaw wrote:
On Thu, Jun 12, 2014 at 6:56 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
Please open a bugzilla for the SELinux issues.The full unifi software is java with a mongodb database backend and works fine. I have a RPM I created, the only problem I haven't been able to fix is the selinux issues, one for the private mongodb instance, and then the ports it binds to.
Before I open a BZ, here's what I have in my spec file which from what I understand should be persistent...
%posttrans/usr/sbin/semanage fcontext -e /var/lib/mongod "/var/lib/unifi/logs(/.*)?"/usr/sbin/semanage fcontext -e /var/lib/mongod "/var/lib/unifi/data(/.*)?"/usr/sbin/semanage port -m -t mongod_port_t 27117
Or should this be handled in a policy?
Thanks,Richard
/usr/sbin/semanage fcontext -e /var/log/mongod "/var/lib/unifi/logs"/usr/sbin/semanage fcontext -e /var/lib/mongod "/var/lib/unifi/data"Don't use the regex. Also I would figure the logs should be labeled mongod_log_t rather then mongod_lib_t./usr/sbin/semanage port -m -t mongod_port_t 27117
What is the concern with regex? It is specific to packaging? Most of the examples I found online used that method... As far as the label, since everything is getting dumped in /var/lib I figured that would be OK.
If this is a standard location for this code, we should put it into the base package.
There is not a standard install location, the install will "work" as long as everything stays in the same relative location (the unifi directory). Since it writes a lot of stuff I figured /var was the best (only?) real option.
Following the example of a draft wiki I can't find anymore I had modified the scripts to this instead of using %posttrans:
%post
semanage fcontext -a -t mongod_var_lib_t \
"%{_sharedstatedir}/unifi/logs(/.*)?" 2>/dev/null || :
semanage fcontext -a -t mongod_var_lib_t \
"%{_sharedstatedir}/unifi/data(/.*)?" 2>/dev/null || :
restorecon -R %{_sharedstatedir}/unifi/logs || :
restorecon -R %{_sharedstatedir}/unifi/data || :
semanage port -m -t mongod_port_t 27117 || :
%postun
if [ $1 -eq 0 ] ; then # final removal
semanage fcontext -d -t mongod_var_lib_t \
"%{_sharedstatedir}/unifi/logs(/.*)?" 2>/dev/null || :
semanage fcontext -d -t mongod_var_lib_t \
"%{_sharedstatedir}/unifi/data(/.*)?" 2>/dev/null || :
fi
Thanks,
Richard
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
