Closed
Description
ISSUE TYPE
- Documentation
COMPONENT NAME
- Installer
SUMMARY
selinux context needs updating for project_data_dir
ENVIRONMENT
- AWX version: 1.0.6.8 (applies to all versions ince project_data_dir added to inventory
- AWX install method: docker on linux
- Ansible version: 2.5.3
- Operating System: rhel 7.4
- Web Browser: chrome
STEPS TO REPRODUCE
I enabled the project_data_dir - to remove files being created in the container. This is a mount on the physical host. - project_data_dir=/var/lib/awx/projects
However the awx_task container was unable to write too it, permission denied. Selinux is set to enforcing.
install awx
login to container (docker exec -ti awx_task bash)
confirm file system is mounted.
touch /var/lib/awx/projects/test_file
EXPECTED RESULTS
file gets created
ACTUAL RESULTS
result permission denied.
ADDITIONAL INFORMATION
To fix this issue on the physical host run the following commands (replace path as appropriate)
- semanage fcontext -a -t svirt_sandbox_file_t "/var/lib/awx/projects(/.*)?"
- restorecon -r -v /var/lib/awx/projects/
I think it would be useful if the prereqs of the documentation was updated to point this out. Or installer takes care of it.