authorYolanda Robla Mota <yroblamo@redhat.com>2016-07-21 13:17:38 +0200
committerYolanda Robla Mota <yroblamo@redhat.com>2016-07-22 08:57:46 +0200
commit8fa18ba136c2730a4c1c68887409a8ea64b6c881 (patch)
treee4f44e8ffb603e085573118654f2ba42f989a892
parentfba135de661d0ac970a09b9a5a25a0c6723f7c63 (diff)
Fix selinux problems on vhost
When running on CentOS, the problem still persists: when trying to access files under a vhost, apache was failing with "Access denied" because search permissions are missing. So run chcon on the docroot of each vhost. Please note that this change was reverted before. The revert was caused by puppet-cgit sending a dummy location "MEANINGLESS ARGUMENT" as the docroot argument of vhost. To avoid that failure, execute the chcon call only if docroot exists and is a directory. Change-Id: I4ab7d4cc6d2115bd8f980be7f14a6a4557ffeb87
Notes
Notes (review): Code-Review+2: Ricardo Carrillo Cruz <ricardo.carrillo.cruz@gmail.com> Code-Review+2: Monty Taylor <mordred@inaugust.com> Workflow+1: Monty Taylor <mordred@inaugust.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Fri, 12 Aug 2016 15:59:00 +0000 Reviewed-on: https://review.openstack.org/345349 Project: openstack-infra/puppet-httpd Branch: refs/heads/master
-rw-r--r--manifests/vhost.pp15
1 files changed, 15 insertions, 0 deletions
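--- a/manifests/vhost.pp
+++ b/manifests/vhost.pp
@@ -72,6 +72,21 @@ define httpd::vhost(
 httpd::mod { 'version': ensure => present }
 }
 
+# selinux may deny directory listing and access to subdirectories
+# so update context to allow it
+if $::osfamily == 'RedHat' {
+if ! defined(Exec["update_context_${docroot}"]) {
+exec { "update_context_${docroot}":
+command => "chcon -R -t httpd_sys_content_t ${docroot}/",
+unless => "ls -lZ ${docroot} | grep httpd_sys_content_t",
+onlyif => "test -d ${docroot}",
+path => '/bin:/usr/bin:/usr/local/bin:/usr/sbin',
+require => Package['httpd'],
+notify => Service['httpd'],
+}
+}
+}
+
 file { "${priority}-${name}.conf":
 path => "${httpd::params::vdir}/${priority}-${name}.conf",
 content => template($template),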
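Review bot: `${docroot}` is interpolated unquoted into all three command strings of the new exec (`command`, `unless`, `onlyif`), so a value containing whitespace or shell metacharacters is split or interpreted instead of being treated as one path; the "MEANINGLESS ARGUMENT" case from the commit message appears to be skipped only because `test -d` errors on the extra word. Quote the path in each string, e.g. `onlyif => "test -d '${docroot}'"`, and consider rejecting non-absolute values before the exec is declared. The `unless` check lists the entries inside the docroot rather than the directory itself, so a single already-labelled child suppresses the relabel while an empty docroot re-runs `chcon` and notifies httpd on every run; `unless => "ls -dZ '${docroot}' | grep httpd_sys_content_t"` tests the directory. Because `chcon -R` relabels everything beneath whatever path is passed and the label does not survive a filesystem relabel, a `semanage fcontext` rule followed by `restorecon` would be the more durable and auditable form. The enclosing `define httpd::vhost` starts and ends outside this hunk.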