Installation: Incorporating SELinux
acozine edited this page Jan 15, 2014 · 4 revisions
If you're using CentOS with SELinux, we recommend turning SELinux off during your installation process. If you've finished the installation and successfully transcoded and downloaded a file, you may want to reinstate SELinux. Here are our notes about how to configure it to work with HydraDAM.
- Edit /etc/sysconfig/selinux and set SELINUX=enforcing:
    sudo vi /etc/sysconfig/selinux
- Confirm that you can turn SELinux on and off. The following returns "Enforcing" if SELinux is installed and running:
    sudo getenforce
  This temporarily switches SELinux to permissive mode (denials are logged but not blocked):
    sudo setenforce 0
  And this returns it to enforcing mode:
    sudo setenforce 1
- Install the SELinux development tools:
    sudo yum install -y policycoreutils-python
- Update SELinux for the new mysql location (/opt/mysql). See more details here.
    sudo semanage fcontext -a -t mysqld_db_t "/opt/mysql(/.*)?"
    sudo restorecon -Rv /opt/mysql
- Enable passenger to work with SELinux:
  - Switch SELinux to permissive mode:
      sudo setenforce 0
  - Walk through the SELinux audit log and generate a new SELinux policy module:
      sudo grep httpd /var/log/audit/audit.log | audit2allow -M passenger
  - Install the newly created SELinux module:
      sudo semodule -i passenger.pp
  - Switch SELinux back into enforcing mode:
      sudo setenforce 1
- Enable apache to work with SELinux:
    sudo /usr/sbin/setsebool -P httpd_can_network_connect=1
- Set the file context on the transcoding directories (/opt/storage and /opt/hydradam_tmp) for SELinux (do this as root):
    sudo su
    semanage fcontext -a -t httpd_sys_content_t "/opt/storage(/.*)?"
    restorecon -Rv /opt/storage/
    semanage fcontext -a -t httpd_sys_content_t "/opt/hydradam_tmp(/.*)?"
    restorecon -Rv /opt/hydradam_tmp/
    exit
- Turn SELinux on:
    sudo setenforce 1
- Restart mysql, tomcat, and apache, then try again to upload a file.
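The passenger step above turns every httpd denial in the audit log into an allow rule, so it is worth seeing what those denials are before installing passenger.pp. The script below is an added example, not part of the HydraDAM notes: the function names and sample audit records are constructed, and the RELABEL? hint for default_t and unlabeled_t targets is an added heuristic (such denials are usually better fixed with semanage fcontext and restorecon, as the notes do for /opt/mysql).

```shell
#!/bin/sh
# Added example: summarize the httpd AVC denials that
# "grep httpd audit.log | audit2allow -M passenger" would convert to allow rules.

# Constructed audit records for illustration (not taken from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1389800001.101:501): avc:  denied  { read } for  pid=2101 comm="httpd" name="passenger.conf" dev=dm-0 ino=1201 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1389800002.102:502): avc:  denied  { read } for  pid=2101 comm="httpd" name="passenger.conf" dev=dm-0 ino=1201 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1389800003.103:503): avc:  denied  { write } for  pid=2107 comm="ruby" name="upload" dev=dm-0 ino=1302 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1389800004.104:504): avc:  denied  { read } for  pid=2210 comm="sshd" name="key" dev=dm-0 ino=1403 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
type=SYSCALL msg=audit(1389800001.101:501): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
EOF
}

# stdin: audit.log lines
# stdout: one line per distinct denial: "count source_type target_type:class { perms } [RELABEL?]"
summarize_httpd_avc() {
  awk '
    /type=AVC/ && /denied/ && /httpd/ {
      # Permissions are the text between "{ " and " }".
      perms = $0; sub(/.*[{] /, "", perms); sub(/ [}].*/, "", perms)
      for (i = 1; i <= NF; i++) {
        # A context is user:role:type:level; the type is the third field.
        if ($i ~ /^scontext=/) { split($i, s, ":"); src = s[3] }
        if ($i ~ /^tcontext=/) { split($i, t, ":"); tgt = t[3] }
        if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
      }
      # Unlabeled targets usually point to a missing file context, not a missing rule.
      hint = (tgt == "default_t" || tgt == "unlabeled_t") ? " RELABEL?" : ""
      n[src " " tgt ":" cls " { " perms " }" hint]++
    }
    END { for (k in n) print n[k], k }
  ' | LC_ALL=C sort -k2
}

# Demo on the constructed sample. On a real host, feed the log instead:
#   sudo cat /var/log/audit/audit.log | summarize_httpd_avc
sample_audit_log | summarize_httpd_avc
```

audit2allow -M passenger also writes passenger.te next to passenger.pp; comparing its allow rules with this summary shows exactly what the module grants before semodule -i installs it.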