Commit 32cc1fa16c4869f92a9c463e656be91b3b2ccc2d

Authored by Macartur Sousa
1 parent 79ecf618

Added Selinux permissions to allow key deploy

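--- a/cookbooks/gitlab/files/gitlab.te
+++ b/cookbooks/gitlab/files/gitlab.te
@@ -0,0 +1,11 @@
+
+module gitlab 1.0;
+
+require {
+ type initrc_tmp_t;
+ type ssh_keygen_t;
+ class file open;
+}
+
+#============= ssh_keygen_t ==============
+allow ssh_keygen_t initrc_tmp_t:file open;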
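Review bot: The allow rule on line 11 is scoped by type, not by path, so it lets the ssh-keygen domain open every file labelled `initrc_tmp_t`, which is wider than the "allow gitlab to use '/tmp'" description in the recipe suggests. The module has no comment recording which process creates the file or why ssh-keygen needs it; a header such as `# ssh-keygen is run from the gitlab init script during key deploy and opens a temp file it created (initrc_tmp_t)` would let a later reviewer judge whether the grant is still needed (wording to be confirmed against the actual denial). Only `open` is granted, which looks like a single AVC denial captured in enforcing mode; it is worth confirming that no follow-up denials such as `read` or `getattr` appear once this module is loaded.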
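--- a/cookbooks/gitlab/files/nginx.te
+++ b/cookbooks/gitlab/files/nginx.te
@@ -0,0 +1,12 @@
+
+module nginx 1.0;
+
+require {
+ type httpd_t;
+ type unreserved_port_t;
+ class tcp_socket name_connect;
+}
+
+#============= httpd_t ==============
+allow httpd_t unreserved_port_t:tcp_socket name_connect;
+allow httpd_t http_cache_port_t:tcp_socket name_connect;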
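Review bot: `http_cache_port_t` is used by the allow rule on line 12 but is not declared in the `require` block, so the module should fail to compile with an unknown-type error; add ` type http_cache_port_t;` next to the other two `type` lines. Separately, the rule on line 11 lets `httpd_t` initiate TCP connections to every port labelled `unreserved_port_t`, not only the GitLab upstream. If the upstream listens on one fixed port, giving that port its own label with `semanage port` and allowing only that type would keep a compromised web worker from reaching arbitrary local services. A one-line comment naming the upstream port would also document why the grant exists.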
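--- a/cookbooks/gitlab/recipes/default.rb
+++ b/cookbooks/gitlab/recipes/default.rb
@@ -78,3 +78,30 @@ service 'gitlab' do
 action :enable
 supports :restart => true
 end
+
+
+####################################################
+# SELinux: allow gitlab to use '/tmp'
+####################################################
+
+cookbook_file '/etc/selinux/local/gitlab.te' do
+ notifies :run, 'execute[selinux-gitlab]'
+end
+execute 'selinux-gitlab' do
+ command 'selinux-install-module /etc/selinux/local/gitlab.te'
+ action :nothing
+end
+
+
+####################################################
+# SELinux: allow nginx to use gitlab upstream
+####################################################
+
+cookbook_file '/etc/selinux/local/nginx.te' do
+ notifies :run, 'execute[selinux-nginx]'
+end
+execute 'selinux-nginx' do
+ command 'selinux-install-module /etc/selinux/local/nginx.te'
+ action :nothing
+end
+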
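Review bot: Both `cookbook_file` resources (lines 87 and 100) write policy source that is then compiled and loaded as root, but neither pins ownership or permissions; adding `owner 'root'`, `group 'root'` and `mode '0644'` to each makes sure the `.te` files cannot be left writable by another account. The install step runs only when the file changes, so if `selinux-install-module` fails once, the next run sees an unchanged file and never retries; a guard that checks whether the module is actually loaded would close that gap. The banner on line 84 says "allow gitlab to use '/tmp'", while the shipped rule grants `ssh_keygen_t` open access to `initrc_tmp_t` files, so the comment should name that rule. The hunk does not show where `/etc/selinux/local` is created; presumably another recipe does it.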