recordsansible
/
ara-infra
Code Issues Proposed changes

Add missing map permission for gunicorn under selinux 

Resolves an AVC when gunicorn attempts to use the python3
interpreter from the virtualenv.

Change-Id: I0be8ebb0bad407e6f9aa9703db0d2a61026c87cd
This commit is contained in:
David Moreau Simard 2019-02-06 16:56:45 -05:00
parent 09ba06020d
commit 81c70774c8
No known key found for this signature in database
GPG Key ID: CBEB466764A9E621
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
roles/ara_server/files/ara-gunicorn.te
View File

@ -4,11 +4,11 @@ require {
type var_lib_t;
type postgresql_db_t;
type init_t;
class file { execute execute_no_trans getattr open read };
class file { execute execute_no_trans getattr open read map };
class lnk_file { getattr read };
}
#============= init_t ==============
allow init_t postgresql_db_t:file { getattr open read };
allow init_t var_lib_t:file { execute execute_no_trans };
allow init_t var_lib_t:file { execute execute_no_trans map };
allow init_t var_lib_t:lnk_file { getattr read };