#7941 SELinux on pkgs01.stg
Opened 7 months ago by pingou. Modified 7 months ago

SELinux was enforcing on pkgs01.stg which lead to the error:

[Wed Jun 26 07:54:11.900689 2019] [:error] [pid 9465]   File "/usr/lib/python2.7/site-packages/pagure/ui/repo.py", line 131, in view_repo
[Wed Jun 26 07:54:11.900704 2019] [:error] [pid 9465]     repo_obj.head.target, pygit2.GIT_SORT_NONE
[Wed Jun 26 07:54:11.900758 2019] [:error] [pid 9465] OSError: failed to make directory '/srv/git/repositories/pseudo/main/rpms/osbs-client.git/.git/objects/50': Permission denied

when trying to access: https://src.stg.fedoraproject.org/rpms/osbs-client

Turning off SELinux solves that issue but this is not a long term acceptable solution.

I believe @arrfab has an SELinux policy for his deployment. We should at sharing this :)

Here are some links:
* selinux policy file
* compiled selinux policy
* selinux included tasks for ansible-role-pagure
* setype for where repositories are stored (also for cache from repospanner) and owner

Hope that it helps, but for sure we have selinux in enforcing mode on git.centos.org (and also git.stg.centos.org / git.dev.centos.org) :-)

Login to comment on this ticket.