This is an automated email from the ASF dual-hosted git repository.
machristie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/airavata.git
The following commit(s) were added to refs/heads/master by this push:
new 6663206 Ansible: enable SELinux httpd_tmp_exec
6663206 is described below
commit 6663206a81ddb1794e5ba09b09c0ca001a99c9b8
Author: Marcus Christie <[email protected]>
AuthorDate: Fri Jan 22 16:51:16 2021 -0500
Ansible: enable SELinux httpd_tmp_exec
---
dev-tools/ansible/roles/django/tasks/main.yml | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/dev-tools/ansible/roles/django/tasks/main.yml
b/dev-tools/ansible/roles/django/tasks/main.yml
index c819c14..007b448 100644
--- a/dev-tools/ansible/roles/django/tasks/main.yml
+++ b/dev-tools/ansible/roles/django/tasks/main.yml
@@ -251,6 +251,16 @@
become: yes
when: ansible_os_family == "RedHat"
+# some Python libraries want to write files to /tmp and execute them, see
+# https://bugzilla.redhat.com/show_bug.cgi?id=645193 for more details
+- name: Allow Django code to exec in tmp directory
+ seboolean:
+ name: httpd_tmp_exec
+ state: yes
+ persistent: yes
+ become: yes
+ when: ansible_os_family == "RedHat"
+
- name: run restorecon on those directories
command: restorecon -F -R {{ doc_root_dir }}
become: yes
