Enable selinux httpd_var_run_t target for unicorn socket.

Jdesk · Jun 24, 2015 · 3515771 · 3515771
1 parent 732ca38
commit 3515771
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/deploy/definitions/opsworks_deploy_dir.rb b/deploy/definitions/opsworks_deploy_dir.rb
@@ -19,4 +19,15 @@
     end
   end
 
+  bash "Enable selinux httpd_var_run_t target for unicorn socket" do
+    dir_path_socket = "#{params[:path]}/shared/sockets"
+    context = "httpd_var_run_t"
+
+    user "root"
+    code <<-EOH
+    semanage fcontext --add --type #{context} "#{dir_path_socket}(/.*)?" && restorecon -rv "#{dir_path_socket}"
+    EOH
+    not_if { OpsWorks::ShellOut.shellout("/usr/sbin/semanage fcontext -l") =~ /^#{Regexp.escape("#{dir_path_socket}(/.*)?")}\s.*\ssystem_u:object_r:#{context}:s0/ }
+    only_if { platform_family?("rhel") && ::File.exist?("/usr/sbin/getenforce") && OpsWorks::ShellOut.shellout("/usr/sbin/getenforce").strip == "Enforcing" }
+  end
 end