From: Francesco Vollero fvollero@redhat.com
With this patch we get a more easy and "invisible" way to set the bool in selinux to activate httpd_can_network_connect just after the installation of the rpm, allowing aeolus-configure to have it just working.
If this patch gonna be ack'd we should remove the puppet recipe that was activating it with aeolus-configure. --- aeolus-conductor.spec.in | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/aeolus-conductor.spec.in b/aeolus-conductor.spec.in index e5f7d62..7fb095b 100644 --- a/aeolus-conductor.spec.in +++ b/aeolus-conductor.spec.in @@ -64,6 +64,7 @@ Requires: %{name} = %{version}-%{release} Requires: httpd >= 2.0 Requires: rubygem(thin) >= 1.2.5 Requires(post): chkconfig +Requires(post): /usr/sbin/setsebool, /usr/sbin/selinuxenabled Requires(preun): chkconfig Requires(preun): initscripts
@@ -277,6 +278,10 @@ if [ ! -d %{app_root}/app ]; then fi
%post daemons +# Activate httpd_can_network_connect (for httpd mod_proxy module) +if /usr/sbin/selinuxenabled ; then + /usr/sbin/setsebool -P httpd_can_network_connect 1 2>/dev/null +fi # Register the services /sbin/chkconfig --add aeolus-conductor /sbin/chkconfig --add conductor-dbomatic