openqa/server: use custom SELinux policy instead of boolean

Browse source

We've been using the httpd_can_network_connect boolean for years
to allow httpd to connect to the openQA server processes. This
is an unnecessarily large hammer when we only need it to be
able to connect to exactly the two openQA ports. This uses a
custom SELinux policy to allow connecting to those ports only,
and ensures the boolean is set back to off.

Signed-off-by: Adam Williamson <awilliam@redhat.com>

...

This commit is contained in:

Adam Williamson 2021-12-14 15:48:34 -08:00

parent 67eb9bb288

commit edc4caa833

3 changed files with 31 additions and 6 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download patch file Download diff file Expand all files Collapse all files

BIN

roles/openqa/server/files/httpd-openqa.pp Normal file

View file

Binary file not shown.