From 4faeb9570f1282645e53ed6cc050e40ee741021a Mon Sep 17 00:00:00 2001
From: James Slagle <jslagle@redhat.com>
Date: Tue, 26 Aug 2014 08:25:38 -0400
Subject: [PATCH] Add SELinux policy for Horizon

httpd, due to Horizon,  needs SELinux policy to allow it to connect to
the various ports for the OpenStack services. We can add this policy by
setting the SELinux boolean httpd_can_network_connect.

Change-Id: I663e543ddb1738c5e2de40b37d5a0e697762feb4
Closes-Bug: 1361630
---
 .../os-refresh-config/configure.d/20-horizon-selinux   | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100755 elements/horizon/os-refresh-config/configure.d/20-horizon-selinux

diff --git a/elements/horizon/os-refresh-config/configure.d/20-horizon-selinux b/elements/horizon/os-refresh-config/configure.d/20-horizon-selinux
new file mode 100755
index 000000000..30bfbcb61
--- /dev/null
+++ b/elements/horizon/os-refresh-config/configure.d/20-horizon-selinux
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -eux
+set -o pipefail
+
+[ -x /usr/sbin/semanage ] || exit 0
+
+# https://bugs.launchpad.net/tripleo/+bug/1361630
+# https://bugzilla.redhat.com/show_bug.cgi?id=1133904
+setsebool -P httpd_can_network_connect 1