SELinux was enforcing on pkgs01.stg which lead to the error:
[Wed Jun 26 07:54:11.900689 2019] [:error] [pid 9465] File "/usr/lib/python2.7/site-packages/pagure/ui/repo.py", line 131, in view_repo [Wed Jun 26 07:54:11.900704 2019] [:error] [pid 9465] repo_obj.head.target, pygit2.GIT_SORT_NONE [Wed Jun 26 07:54:11.900758 2019] [:error] [pid 9465] OSError: failed to make directory '/srv/git/repositories/pseudo/main/rpms/osbs-client.git/.git/objects/50': Permission denied
when trying to access: https://src.stg.fedoraproject.org/rpms/osbs-client
Turning off SELinux solves that issue but this is not a long term acceptable solution.
I believe @arrfab has an SELinux policy for his deployment. We should at sharing this :)
Here are some links: * selinux policy file * compiled selinux policy * selinux included tasks for ansible-role-pagure * setype for where repositories are stored (also for cache from repospanner) and owner
Hope that it helps, but for sure we have selinux in enforcing mode on git.centos.org (and also git.stg.centos.org / git.dev.centos.org) :-)
This is finally done, pagure.io, stg.pagure.io and src.stg.fp.o are all running with SELinux enabled.
Only src.fp.o is left with it in permissive for now.
pkgs01 is now running with SELinux enforcing.
Let's close this one!
Metadata Update from @pingou: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.