Fix selinux problems on vhost
When running on CentOS, that problem still persists: when trying to access files under a vhost, apache was failing with Access denied because search permissions are missing. So running chcon on the docroot for each vhost Please note that this change was reverted before. That was caused by puppet-cgit sending a dummy location "MEANINGLESS ARGUMENT" to docroot argument of vhost. To avoid that failure, execute only the chcon call if docroot exists and is a directory. Change-Id: I4ab7d4cc6d2115bd8f980be7f14a6a4557ffeb87
This commit is contained in:
parent
fba135de66
commit
8fa18ba136
@ -72,6 +72,21 @@ define httpd::vhost(
|
|||||||
httpd::mod { 'version': ensure => present }
|
httpd::mod { 'version': ensure => present }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# selinux may deny directory listing and access to subdirectories
|
||||||
|
# so update context to allow it
|
||||||
|
if $::osfamily == 'RedHat' {
|
||||||
|
if ! defined(Exec["update_context_${docroot}"]) {
|
||||||
|
exec { "update_context_${docroot}":
|
||||||
|
command => "chcon -R -t httpd_sys_content_t ${docroot}/",
|
||||||
|
unless => "ls -lZ ${docroot} | grep httpd_sys_content_t",
|
||||||
|
onlyif => "test -d ${docroot}",
|
||||||
|
path => '/bin:/usr/bin:/usr/local/bin:/usr/sbin',
|
||||||
|
require => Package['httpd'],
|
||||||
|
notify => Service['httpd'],
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
file { "${priority}-${name}.conf":
|
file { "${priority}-${name}.conf":
|
||||||
path => "${httpd::params::vdir}/${priority}-${name}.conf",
|
path => "${httpd::params::vdir}/${priority}-${name}.conf",
|
||||||
content => template($template),
|
content => template($template),
|
||||||
|
Loading…
Reference in New Issue
Block a user