On 11/5/23 18:46, Orion Poplawski wrote:
Would there be any objections to moving the cobbler SELinux policy into the Fedora cobbler package as has been done with other packages?
As a follow up:cobbler is shifting to use a gunicorn started service to provide the XML-RPC interface that was previously done with a mod_wsgi interface. So we are going from:
WSGIScriptAliasMatch ^/cblr/svc/([^/]*) @@webroot@@/cobbler/svc/services.py ProxyPass /cobbler_api http://127.0.0.1:25151/with port 25151 being defined as the "cobbler" port which the sebool httpd_can_network_connect_cobbler enables httpd to connect to.
To: ProxyPass /cblr/svc/ http://localhost:8000/ ProxyPass /cobbler_api http://127.0.0.1:25151/ so now two ports to serve cobbler. What the current thinking on tuning what httpd can connect to? Thanks. -- Orion Poplawski he/him/his - surely the least important thing about me IT Systems Manager 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion@xxxxxxxx Boulder, CO 80301 https://www.nwra.com/
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
