7.8.5. Configuring the Standard SELinux Boolean Variables
The broker application depends on several Boolean variables in the standard SELinux policy being set correctly. Set them with the following command (the -P option makes the change persist across reboots):
# setsebool -P httpd_unified=on httpd_execmem=on httpd_can_network_connect=on httpd_can_network_relay=on httpd_run_stickshift=on named_write_master_zones=on allow_ypbind=on
Boolean Variable | Purpose |
---|---|
httpd_unified | Allow the broker to write files in the http file context. |
httpd_execmem | Allow httpd processes to write to and execute the same memory. This capability is required by Passenger (used by both the broker and the console) and by The Ruby Racer/V8 (used by the console). |
httpd_can_network_connect | Allow the broker application to access the network. |
httpd_can_network_relay | Allow the SSL termination Apache instance to access the back-end broker application. |
httpd_run_stickshift | Enable Passenger-related permissions. |
named_write_master_zones | Allow the broker application to configure DNS. |
allow_ypbind | Allow the broker application to use ypbind to communicate directly with the name server. |
Next, relabel the required files and directories with the correct SELinux contexts:
# fixfiles -R ruby193-rubygem-passenger restore
# fixfiles -R ruby193-mod_passenger restore
# restorecon -rv /var/run
# restorecon -rv /opt
Note
If you use the kickstart or bash script, the configure_selinux_policy_on_broker function performs these steps.
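To confirm that the Boolean variables listed in the table are in effect on a broker host, the following check parses `getsebool` output and reports any required variable that is off or absent. This is an added example, not part of the original documentation or the OpenShift scripts; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the broker's SELinux Boolean variables.
# getsebool prints one "name --> on|off" line per variable (running value).
REQUIRED_BOOLEANS="httpd_unified httpd_execmem httpd_can_network_connect httpd_can_network_relay httpd_run_stickshift named_write_master_zones allow_ypbind"

# Reads getsebool-style lines on stdin. Prints one line for each required
# variable that is not "on" or is missing; returns 0 only if all are on.
# (Hypothetical helper name.)
check_broker_booleans() {
    awk -v required="$REQUIRED_BOOLEANS" '
        BEGIN { n = split(required, want, " ") }
        $2 == "-->" { state[$1] = $3 }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                b = want[i]
                if (!(b in state))         { print b ": missing from policy"; bad++ }
                else if (state[b] != "on") { print b ": " state[b]; bad++ }
            }
            exit (bad > 0)
        }'
}

# Constructed sample input: httpd_execmem is off, allow_ypbind is absent,
# and an unrelated variable is present and must be ignored.
sample_getsebool_output() {
    cat <<'EOF'
httpd_unified --> on
httpd_execmem --> off
httpd_can_network_connect --> on
httpd_can_network_relay --> on
httpd_run_stickshift --> on
named_write_master_zones --> on
httpd_enable_cgi --> on
EOF
}

# On a broker host, run:  getsebool -a | check_broker_booleans
# Offline demonstration against the constructed sample:
sample_getsebool_output | check_broker_booleans || true
```

A non-zero return status means at least one variable still needs `setsebool -P`, so the function can gate a post-install validation script.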