
Installation: Incorporating SELinux

acozine edited this page Jan 15, 2014 · 4 revisions

If you're using CentOS with SELinux, we recommend turning SELinux off during your installation process. If you've finished the installation and successfully transcoded and downloaded a file, you may want to reinstate SELinux. Here are our notes about how to configure it to work with HydraDAM.

  1. Edit /etc/sysconfig/selinux with sudo vi /etc/sysconfig/selinux and set SELINUX=enforcing.
  2. Confirm that you can turn SELinux on and off: sudo getenforce will return "Enforcing" if SELinux is installed and running; sudo setenforce 0 temporarily turns SELinux off (permissive mode: denials are logged but not enforced); sudo setenforce 1 turns it back on.
  3. Install the SELinux development tools: sudo yum install -y policycoreutils-python
  4. Update SELinux for the new mysql location (/opt/mysql). See more details here.
    sudo semanage fcontext -a -t mysqld_db_t "/opt/mysql(/.*)?"
    sudo restorecon -Rv /opt/mysql
  5. Enable passenger to work with SELinux:
    1. Switch SELinux off with sudo setenforce 0
    2. Walk through the SELinux log and generate a new SELinux policy module:
      sudo grep httpd /var/log/audit/audit.log | audit2allow -M passenger
    3. Install the newly created SELinux module: sudo semodule -i passenger.pp
    4. Switch SELinux back into enforcing mode: sudo setenforce 1
  6. Enable apache to work with SELinux: sudo /usr/sbin/setsebool -P httpd_can_network_connect=1
  7. Set file context on the transcoding directories (/opt/storage and /opt/hydradam_tmp) for SELinux (do this as root):
    sudo su
    semanage fcontext -a -t httpd_sys_content_t "/opt/storage(/.*)?"
    restorecon -Rv /opt/storage/
    semanage fcontext -a -t httpd_sys_content_t "/opt/hydradam_tmp(/.*)?"
    restorecon -Rv /opt/hydradam_tmp/
    exit
  8. Turn SELinux on: sudo setenforce 1
  9. Restart mysql, tomcat, and apache, then try again to upload a file
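
Step 5 turns every logged httpd denial into an allow rule, so it helps to see what those denials are before installing passenger.pp. The script below is an added example, not part of the original wiki notes: it condenses the AVC lines that grep httpd would select into one line per rule. The function names, the constructed sample log lines, and the list of permissions treated as worth a closer look are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarise AVC denials before feeding them to audit2allow.

# Constructed sample audit.log lines (not taken from a real system).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1389800001.101:501): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=8983 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1389800002.102:502): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=8983 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1389800003.103:503): avc:  denied  { write } for  pid=2102 comm="ruby" name="hydradam_tmp" dev=dm-0 ino=131 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=dir
type=AVC msg=audit(1389800004.104:504): avc:  denied  { read } for  pid=3001 comm="mysqld" name="ibdata1" dev=dm-0 ino=140 scontext=system_u:system_r:mysqld_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
type=SYSCALL msg=audit(1389800003.103:503): arch=c000003e syscall=83 success=no exit=-13 comm="ruby" exe="/usr/bin/ruby" subj=unconfined_u:system_r:httpd_t:s0
EOF
}

# Reads audit.log lines on stdin, keeps those matching $1 (as grep does in
# step 5), and prints "count source_type target_type class { perms }".
summarize_avc() {
    grep -- "$1" | awk '
    /avc: +denied/ {
        perms = src = tgt = cls = ""
        if (match($0, /\{[^}]*\}/))
            perms = substr($0, RSTART + 2, RLENGTH - 4)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (src != "") n[src " " tgt " " cls " { " perms " }"]++
    }
    END { for (k in n) print n[k], k }
    ' | LC_ALL=C sort
}

# Heuristic (an assumption, not an SELinux rule): list only the summarised
# rules that would grant a modifying or executing permission.
needs_review() {
    summarize_avc "$1" | awk '{
        for (i = 6; i < NF; i++)
            if ($i ~ /^(write|append|create|unlink|execute|execmem)$/) { print; next }
    }'
}

sample_log | summarize_avc httpd
```

On a real host, run it as sudo cat /var/log/audit/audit.log | summarize_avc httpd after exercising the application in permissive mode, and compare the result with the passenger.te file that audit2allow -M writes next to passenger.pp.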