Fix SELinux problems on vhost

When running on CentOS, that problem still persists: when trying
to access files under a vhost, Apache was failing with
"Access denied because search permissions are missing".

So running chcon on the docroot for each vhost.

Please note that this change was reverted before. That was caused
by puppet-cgit sending a dummy location "MEANINGLESS ARGUMENT"
to docroot argument of vhost. To avoid that failure, execute only
the chcon call if docroot exists and is a directory.

Change-Id: I4ab7d4cc6d2115bd8f980be7f14a6a4557ffeb87
Yolanda Robla Mota 2016-07-21 13:17:38 +02:00
parent fba135de66
commit 8fa18ba136

@ -72,6 +72,21 @@ define httpd::vhost(
httpd::mod { 'version': ensure => present } httpd::mod { 'version': ensure => present }
} }
# selinux may deny directory listing and access to subdirectories
# so update context to allow it
if $::osfamily == 'RedHat' {
if ! defined(Exec["update_context_${docroot}"]) {
exec { "update_context_${docroot}":
command => "chcon -R -t httpd_sys_content_t ${docroot}/",
unless => "ls -lZ ${docroot} | grep httpd_sys_content_t",
onlyif => "test -d ${docroot}",
path => '/bin:/usr/bin:/usr/local/bin:/usr/sbin',
require => Package['httpd'],
notify => Service['httpd'],
}
}
}
file { "${priority}-${name}.conf": file { "${priority}-${name}.conf":
path => "${httpd::params::vdir}/${priority}-${name}.conf", path => "${httpd::params::vdir}/${priority}-${name}.conf",
content => template($template), content => template($template),
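
Review bot: The `unless` guard in the new exec (`ls -lZ ${docroot} | grep httpd_sys_content_t`) does not test what the resource is meant to enforce. `ls -lZ` on a directory lists its entries, not the directory itself, so the guard passes as soon as any one entry carries `httpd_sys_content_t`, and the recursive `chcon -R` is then skipped even when the docroot itself or other subdirectories are still mislabelled, which is the search-permission denial the commit message describes. Checking the directory's own label (for example `ls -dZ` on the docroot) would match the intent more closely. `${docroot}` is also interpolated unquoted into `command`, `unless` and `onlyif`; the commit message notes that a caller has already passed a value containing a space, so quoting the path in all three strings would make the `test -d` guard behave deliberately rather than by argument-count error. Finally, labels set with `chcon` are not persistent across a relabel or `restorecon`; a file-context rule via `semanage fcontext` followed by `restorecon` would survive that, and a short comment saying which approach was chosen and why would help the next reader.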