Added hooks, policy and rakefile to install selinux policy for this plug... #121
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
change rakefile to install binary policy (redmine_git.pp) instead of
compiling source policy (redmine_git.te) before every
installation. New rake task added to recompile policy if necessary:
rake selinux:redmine_git_hosting:build_policy
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Note that the following patch is subsumed (included in) the resilience patch, issue #124
This is a pull request for the 0.4.2 release that provides selinux support. I realize that we got off on the wrong foot. This is a great plugin -- hopefully you will accept this change. (Shouldn't alter behavior seen by non-selinux users).
I've given some pretty complete documentation, as well as a rakefile for setup. The bulk of the support is in a selinux subdirectory and in the tasks/selinux.rake file. The only substantive changes are that I've moved binaries to a bin directory in the plugin root and prevented modification of gitUser and ssh key directories in the settings page (but only when selinux operational). The lock file and other tmp file functionality is still in /tmp as before (although I've put them in /tmp/redmine_git_hosting/git_user subdirectory to handle case in which there are multiple redmine distributions with multiple gitolite repositories on the same machine, which is my use case).
I've updated the README.mkd file with a new selinux section.
Note that there is one new local string added to warn users that they cannot change those settings. It appears that all of the locals are in English except for the Portugese ones? At any rate, you might check my translation in pt.yml and pt-BR.yml, since I don't really know Portugese.
I hope that you will take this. It seems to work fine and might help users who are working in a selinux environment. Note that the rakefile will actually handle multiple, complete redmine + redmine_git_hosting installations simply by typing something like:
p.s. I believe that I have all of the selinux use-cases covered, but just in case I left the redmine_git_hosting binaries running in a permissive environment for now (can be fixed by commenting out line near top of selinux/redmine_git.te.