3:51 p.m.
Signed-off-by: Paulo Vital <pvital(a)linux.vnet.ibm.com>
---
contrib/kimchi.spec.fedora.in | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in
index 77bf6bf..185f0ff 100644
--- a/contrib/kimchi.spec.fedora.in
+++ b/contrib/kimchi.spec.fedora.in
@@ -105,6 +105,8 @@ iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
iptables -I INPUT -p tcp --dport 64667 -j ACCEPT
service iptables save >/dev/null 2>&1
%endif
+# Add SELinux rules to "open" Kimchi ports
+semanage permissive -a httpd_t
%preun
@@ -129,6 +131,8 @@ if [ "$1" -ge 1 ] ; then
/bin/systemctl try-restart kimchid.service >/dev/null 2>&1 || :
fi
exit 0
+# Rollback SELinux rules
+semanage permissive -d httpd_t
%clean
--
1.8.3.1
9:44 a.m.
Reviewed-by: Aline Manera <alinefm(a)linux.vnet.ibm.com>
I will apply it to wip branch and continue the tests there.
On 04/17/2014 05:51 PM, Paulo Vital wrote:
Signed-off-by: Paulo Vital <pvital(a)linux.vnet.ibm.com>
---
contrib/kimchi.spec.fedora.in | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in
index 77bf6bf..185f0ff 100644
--- a/contrib/kimchi.spec.fedora.in
+++ b/contrib/kimchi.spec.fedora.in
@@ -105,6 +105,8 @@ iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
iptables -I INPUT -p tcp --dport 64667 -j ACCEPT
service iptables save >/dev/null 2>&1
%endif
+# Add SELinux rules to "open" Kimchi ports
+semanage permissive -a httpd_t
%preun
@@ -129,6 +131,8 @@ if [ "$1" -ge 1 ] ; then
/bin/systemctl try-restart kimchid.service >/dev/null 2>&1 || :
fi
exit 0
+# Rollback SELinux rules
+semanage permissive -d httpd_t
%clean
3896
days inactive
3901
days old
1 comments
2 participants
participants (2)
-
Aline Manera -
Paulo Vital