[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Selinux setup and subsequent fixits



+++ Krishna Raman [12/03/13 11:09 -0400]:
Adam offered to work on these docs but he has been busy with the release.
He will be starting on it again soon.

Yeah, I just talked with Adam and it sounds like it would be best to
just post what we have instead of waiting until we have it completely
finished and tested.  If anything it won't be less broken than the
current 'build-your-own' doc.

John, so you are aware the plan is to make the 'build-your-own' doc
Fedora centric and create a RHEL/CentOS port of the doc hosted on the
wiki.  It definitely sounds like you have a fairly solid grasp on what
is needed for running Origin on RHEL/derivatives so if you think you
could help out we would greatly appreciate it.

--Brenton


--Kr

----- Original Message -----
From: "Brenton Leanhardt" <bleanhar redhat com>
To: "John Reuning" <john ibiblio org>, "Krishna Raman" <kraman redhat com>
Cc: dev lists openshift redhat com
Sent: Tuesday, March 12, 2013 5:11:21 AM
Subject: Re: Selinux setup and subsequent fixits

+++ John Reuning [11/03/13 17:20 -0400]:
In case anyone is interested, here's a change to the selinux config
section of the build your own docs that helped make my scl-ified
broker happy.  This may apply if you're using rhel/centos instead of
fedora.

   /sbin/fixfiles -R ruby193-rubygem-passenger restore
   /sbin/fixfiles -R ruby193-mod_passenger restore
   /sbin/restorecon -rv /opt/rh/ruby193/root/usr/share/gems/gems/passenger-*

I've also noticed that I have to rerun all of the restorecon and
fixfiles commands after almost every package update.  Most recently,
it was "restorecon -rv /cgroup" on the nodes to fix cgred inotify avc
errors.  Is this continual selinux breakage normal?

The cgred AVC is now fixed in the RHEL 6 selinux-policy.  As for the
fixfiles/restorecon changes there is a pending overhaul for the
OpenShift Origin 'build-your-own' document.

Krishna, do you know when the new docs will be published?


Thanks,

-John

_______________________________________________
dev mailing list
dev lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]