You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It appears at the moment that the docs largely say "don't try this, disable SELinux". However, disabling SELinux is not an option here, our IT department won't let us. So I set about getting it working.
First, create a new SELinux module for CodeRunner.
Place the attached file into /usr/share/selinux/targeted/coderunner.te.
(It's just plain text. I had to rename it with a ".txt" extension added on the end to make Github allow me to upload it here, remove the ".txt" off the end.
Thanks Jules. I'm happy to add a section to the install instructions on how to use SELinux. But Idon't wish to have to maintain the coderunner.te module or the associated instructions, as I don't use SELinux and would have no way of checking the validity of the instructions.
So would you be able to set up your own github repo containing just your SELinux file together with the instructions on how to use it, please? I can then add a section to the Jobe instructions with a heading like "Running Jobe on SELinux, which is essentially just a link to your repo.
It appears at the moment that the docs largely say "don't try this, disable SELinux". However, disabling SELinux is not an option here, our IT department won't let us. So I set about getting it working.
First, create a new SELinux module for CodeRunner.
Place the attached file into /usr/share/selinux/targeted/coderunner.te.
(It's just plain text. I had to rename it with a ".txt" extension added on the end to make Github allow me to upload it here, remove the ".txt" off the end.
coderunner.te.txt
Then compile and load the new module:
Set some booleans to enable various SELinux features to do with httpd:
Add some SELinux tags to make runguard uncontrolled, and to tell SELinux to use the /home/jobe dirs correctly:
You should then either be able to just reboot, or else just
to restart the relevant daemons.
This is the setup I run here on RHEL 9.
Cheers,
Jules.
The text was updated successfully, but these errors were encountered: