Most recent linux distros come pre-configured with SELinux enabled.
Many seasoned admins configure internal linux machines (e.g. render nodes)
with SELinux disabled, as typically they don't need or want the NSA level
enhanced security that it provides; unix permissions are usually sufficient.
Rush should operate just fine with SELinux enabled.
However, www-rush (the cgi-bin script) needs some extra config if you want
Apache to run with SElinux enabled. Otherwise, all the www-rush report buttons
("All Jobs", "Hosts", etc) give a "Permission denied" error inside the www-rush
interface.
To use www-rush with SELinux enabled, just run this command (as root)
to prevent the "Permission denied" errors:
chcon -t httpd_sys_script_exec_t /usr/local/rush/bin/rush
This allows the 'rush' executable to be run as a cgi-bin script
without tripping up on SELinux security.
'chcon' can be described as the SELinux equivalent of the 'chmod' or 'chown'
commands; it changes the SELinux security attributes of a file, in this case
the 'rush' executable.
Questions/comments welcome.
|