Fix selinux problems on vhost

When running on CentOS, that problem still persists: when trying to access files under a vhost, apache was failing with Access denied because search permissions are missing. So running chcon on the docroot for each vhost Please note that this change was reverted before. That was caused by puppet-cgit sending a dummy location "MEANINGLESS ARGUMENT" to docroot argument of vhost. To avoid that failure, execute only the chcon call if docroot exists and is a directory. Change-Id: I4ab7d4cc6d2115bd8f980be7f14a6a4557ffeb87
2016-07-21 13:17:38 +02:00 · 2016-07-21 13:17:38 +02:00 · 8fa18ba136
parent fba135de66
commit 8fa18ba136
1 changed files with 15 additions and 0 deletions
--- a/manifests/vhost.pp
+++ b/manifests/vhost.pp
@ -72,6 +72,21 @@ define httpd::vhost(
    httpd::mod { 'version': ensure => present }
  }

+  # selinux may deny directory listing and access to subdirectories
+  # so update context to allow it
+  if $::osfamily == 'RedHat' {
+    if ! defined(Exec["update_context_${docroot}"]) {
+      exec { "update_context_${docroot}":
+        command => "chcon -R -t httpd_sys_content_t ${docroot}/",
+        unless  => "ls -lZ ${docroot} | grep httpd_sys_content_t",
+        onlyif  =>  "test -d ${docroot}",
+        path    => '/bin:/usr/bin:/usr/local/bin:/usr/sbin',
+        require => Package['httpd'],
+        notify  => Service['httpd'],
+      }
+    }
+  }
+
  file { "${priority}-${name}.conf":
      path    => "${httpd::params::vdir}/${priority}-${name}.conf",
      content => template($template),