[Community] Buildout note
David G. Mackay
mackay_d at bellsouth.net
Wed Nov 15 14:53:47 EET 2006
On Wed, 2006-11-15 at 09:29 +0200, Kai Lautaportti wrote:
> I'm not a FC user myself, so could you tell me where exactly you had to
> do the "setsebool allow_execmod=1" thing and at what stage of the
> buildout (and possibly how zope failed before you did it).
FC6 installs with security enabled linux (selinux) in enforcing mode, by
default. Everything is fine during the actual run of build.py.
However, once you fire up Zope, and try to use the portal quickinstall
tool to install PrimaGIS in plone, there are problems. The first clue
is that the installation fails. The next is that you see a lot of
errors like:
Nov 12 14:30:27 vorpal kernel: audit(1163363427.393:31): avc: denied
{ execmod } for pid=8742 comm="python2.4" name="libgdal.so.1.10.0"
dev=dm-0 ino=49451046 scontext=root:system_r:unconfined_t:s0-s0:c0.c1023
tcontext=user_u:object_r:usr_t:s0 tclass=file
being logged.
The setsebool command must be issued with root privileges so that the
installation of the various components in zope will succeed. So, I'd do
it before I cranked up zope for the first time. Then, after
everything's been installed in zope, I'd issue (from the command line,
BTW):
setsebool allow_execmod=0
> I would like to at least document this and see whether it should/could
> be something that the buildout could take care of.
Well, you'd have to get root privileges for that portion of the job.
Then, something like:
sresult=os.popen('getsebool allow_execmod').read()
should tell you whether you have selinux running and that the execmod
functions are being allowed, or not. sresult containing the string
'allow_execmod --> on' would indicate that the setsebool should be
issued. Since build.py is finished by the time you need to do it, you
might test, and print a warning.
Dave
More information about the Community
mailing list