You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airavata.apache.org by ma...@apache.org on 2021/01/22 22:06:18 UTC

[airavata] branch master updated: Ansible: enable SELinux httpd_tmp_exec

This is an automated email from the ASF dual-hosted git repository.

machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git


The following commit(s) were added to refs/heads/master by this push:
     new 6663206  Ansible: enable SELinux httpd_tmp_exec
6663206 is described below

commit 6663206a81ddb1794e5ba09b09c0ca001a99c9b8
Author: Marcus Christie <ma...@iu.edu>
AuthorDate: Fri Jan 22 16:51:16 2021 -0500

    Ansible: enable SELinux httpd_tmp_exec
---
 dev-tools/ansible/roles/django/tasks/main.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/dev-tools/ansible/roles/django/tasks/main.yml b/dev-tools/ansible/roles/django/tasks/main.yml
index c819c14..007b448 100644
--- a/dev-tools/ansible/roles/django/tasks/main.yml
+++ b/dev-tools/ansible/roles/django/tasks/main.yml
@@ -251,6 +251,16 @@
   become: yes
   when: ansible_os_family == "RedHat"
 
+# some Python libraries want to write files to /tmp and execute them, see
+# https://bugzilla.redhat.com/show_bug.cgi?id=645193 for more details
+- name: Allow Django code to exec in tmp directory
+  seboolean:
+    name: httpd_tmp_exec
+    state: yes
+    persistent: yes
+  become: yes
+  when: ansible_os_family == "RedHat"
+
 - name: run restorecon on those directories
   command: restorecon -F -R {{ doc_root_dir }}
   become: yes