Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Split-off EPMD-related rules #16

Open
wants to merge 2 commits into
base: rawhide
Choose a base branch
from
Open

Split-off EPMD-related rules #16

wants to merge 2 commits into from

Conversation

lemenkov
Copy link
Contributor

Signed-off-by: Peter Lemenkov [email protected]

wrabcak
wrabcak reviewed Jun 7, 2017
View reviewed changes
epmd.if
@@ -0,0 +1,12 @@
interface(`epmd_query',`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand why this change is needed.

@lemenkov
Split-off EPMD-related rules
e7778ae 
Signed-off-by: Peter Lemenkov <[email protected]>
wrabcak
wrabcak requested changes Oct 17, 2017
View reviewed changes
ejabberd.te Outdated
@@ -31,12 +31,12 @@ auth_use_nsswitch(ejabberd_t)
corecmd_exec_bin(ejabberd_t)
corecmd_exec_shell(ejabberd_t)

corenet_tcp_bind_epmd_port(ejabberd_t)
epmd_query(rabbitmq_t)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You have here rabbitmq_t domain, which mean that you allowing rules in this macro for rabbitmq_t instead of ejabberd_t, but I still don't understand why you create epmd_query() interface. Do you have some BZ for this?

@wrabcak wrabcak mentioned this pull request Oct 17, 2017
Open
@wrabcak wrabcak force-pushed the rawhide branch 2 times, most recently from c60cd73 to e269450 Compare January 4, 2018 10:32
@lemenkov
Fix typo
931870e 
This should be ejabberd_t not rabbitmq_t.

Signed-off-by: Peter Lemenkov <[email protected]>
@lemenkov
Copy link
Contributor Author

lemenkov commented Mar 12, 2018
edited
Loading

@wrabcak fixed ejabberd_t / rabbitmq_t typo. Thanks for pointing me on this.

Regarding your question about EPMD rules splitting off. It's a very generic application and the corresponding workflow is very similar for many other Erlang applications which require clustering. So better to split it off and reuse in dedicated *.te files, as I did for Ejabberd and RabbitMQ.

Also any *ctl scripts for these native Erlang clustering application will likely require interaction with EPMD as well (think of monitoring, logs rotation, and any other similar operations), so we'll need to add necessary rules as well. To avoid duplication we'd better to split off EPMD operations into its own generic interface (epmd_query).

Some Erlang applications won't require it. For example, CouchDB doesn't need it because it doesn't use native Erlang clustering.

@wrabcak
Copy link
Member

wrabcak commented Sep 2, 2018

Any update here?

@wrabcak wrabcak force-pushed the rawhide branch 2 times, most recently from f4d327c to 77dce4d Compare April 23, 2019 11:55
@fpoirotte
Copy link

Hi,

Any update on this PR & #15 ?

To give some context, these PR are meant to fix https://bugzilla.redhat.com/show_bug.cgi?id=1413775, which I'm currently facing as well. I don't know much about SELinux, but what would be needed to get these approved?

Regards

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wrabcak wrabcak wrabcak requested changes

Assignees

@lemenkov lemenkov

Labels
question
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lemenkov @wrabcak @fpoirotte