From 677ccf515ad27618bf370b65c4021003e04732de Mon Sep 17 00:00:00 2001 From: Macartur Sousa Date: Thu, 16 Apr 2015 15:12:36 -0300 Subject: [PATCH] Added permission to access static files noosfero --- cookbooks/noosfero/files/noosfero.te | 11 +++++++++++ cookbooks/noosfero/recipes/default.rb | 13 +++++++++++++ 2 files changed, 24 insertions(+), 0 deletions(-) create mode 100644 cookbooks/noosfero/files/noosfero.te diff --git a/cookbooks/noosfero/files/noosfero.te b/cookbooks/noosfero/files/noosfero.te new file mode 100644 index 0000000..35bb1a1 --- /dev/null +++ b/cookbooks/noosfero/files/noosfero.te @@ -0,0 +1,11 @@ + +module noosfero 1.0; + +require { + type initrc_tmp_t; + type httpd_t; + class file open; +} + +#============= httpd_t ============== +allow httpd_t initrc_tmp_t:file open; diff --git a/cookbooks/noosfero/recipes/default.rb b/cookbooks/noosfero/recipes/default.rb index a9e2a0e..875f156 100644 --- a/cookbooks/noosfero/recipes/default.rb +++ b/cookbooks/noosfero/recipes/default.rb @@ -66,3 +66,16 @@ template '/etc/nginx/conf.d/noosfero.conf' do source 'nginx.conf.erb' notifies :restart, 'service[nginx]' end + +############################################### +# SELinux: permission to access static files noosfero +################################################ + +cookbook_file '/etc/selinux/local/noosfero.te' do + notifies :run, 'execute[selinux-noosfero]' +end + +execute 'selinux-noosfero' do + command 'selinux-install-module /etc/selinux/local/noosfero.te' + action :nothing +end -- libgit2 0.21.2