icingaweb2-selinux misses httpd-can-connect-icinga2-api seboolean
mocdaniel opened this issue · 0 comments
Describe the bug
On Oracle Linux 8.9, the package icingaweb2-selinux in Version 2.12.1-1 doesn't contain the seboolean httpd_can_connect_icinga2_api which is needed for e.g. director deployments.
Instead, the boolean seems to be shipped with the icinga2-selinux package.
Is this a mistake? It's very well possible that the system that hosts Icinga Web doesn't have Icinga installed, so there wouldn't be icinga2-selinux installed, either.
We also spotted a few other sebooleans seemingly missing from the icingaweb2-selinux package, e.g. httpd_can_write_icinga2_command.
To Reproduce
- Install
icingaweb2andicingaweb2-selinuxon an Oracle Linux system - See the policies being missing:
getsebool -a | grep icinga - Install
icinga2-selinux(it will also install other, unneeded dependencies) - See the policies have been added:
getsebool -a | grep icinga
Expected behavior
All sebooleans needed for Icinga Web/httpd to communicate with Icinga should be shipped with the icingaweb2-selinux package
Your Environment
Include as many relevant details about the environment you experienced the problem in
- Icinga Web 2 version and modules (System - About):
- Icinga Web: 2.12.1
- Director: 1.11.0
- Web browser used: Chrome
- Icinga 2 version used (
icinga2 --version): 2.14.0 - PHP version used (
php --version): 7.2.24 - Server operating system and version: Oracle Linux 8.9