1277312 – Define types for ports 9526 and 9527 (used by openQA)

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1277312 - Define types for ports 9526 and 9527 (used by openQA)

Summary: Define types for ports 9526 and 9527 (used by openQA)

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	23
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Lukas Vrabec
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-11-03 01:22 UTC by Adam Williamson
Modified:	2016-02-17 03:50 UTC (History)
CC List:	6 users (show)
Fixed In Version:	selinux-policy-3.13.1-158.5.fc23 selinux-policy-3.13.1-158.6.fc23
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-02-17 03:50:22 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1304882	0	medium	CLOSED	Review Request: openqa - OS-level automated test framework and web UI	2022-05-16 11:32:56 UTC

Internal Links: 1304882

Description Adam Williamson 2015-11-03 01:22:41 UTC

So I'm working on packaging openQA for Fedora ATM. openQA has its own daemon which runs on ports 9526 and 9527 (9527 for WebSockets) and it expects you to set up a regular web server (Apache or nginx) to reverse proxy it. (This style seems somewhat common for non-PHP webapps). Of course, that means the web server has to be allowed to connect to the daemon, something which is disallowed by default.

It seems that policy modules cannot apply types to ports, so I need the distro policy to define types for these ports, if possible. Thanks! We'd also want a policy allowing web servers to connect to those ports, but I could ship that bit of policy in the openQA package if that would make more sense.

If you want to see where these ports are specified:

https://github.com/os-autoinst/openQA/blob/master/script/openqa
https://github.com/os-autoinst/openQA/blob/master/script/openqa-websockets

openQA is based on the Mojolicious framework, which uses the MOJO_LISTEN environment variable to decide what port to listen on; here, openQA is setting that variable to 9526 (openqa) or 9527 (openqa-websockets) so long as the admin hasn't overridden it when launching those scripts.

Comment 1 Adam Williamson 2015-12-15 19:37:02 UTC

ping? folks?

Comment 2 Adam Williamson 2016-02-04 22:00:29 UTC

echo...

Comment 3 Daniel Walsh 2016-02-08 20:03:13 UTC

Lukas can you give this bug a look?

Comment 4 Lukas Vrabec 2016-02-09 09:13:57 UTC

Hi Adam,

I can label for your these ports and then you can create own custom policy where you allow this rules for your needs. 

Do you agree? 

Names for ports 'openqa' and 'openqa-websockets' are fine to me.

Comment 5 Adam Williamson 2016-02-09 16:29:56 UTC

yep, I plan to write a policy for the package, but the ports cannot be labelled in an external policy package, they have to be done in selinux-policy :) those names are fine, thanks!

Comment 6 Fedora Update System 2016-02-11 14:21:21 UTC

selinux-policy-3.13.1-158.6.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-36a160982c

Comment 7 Fedora Update System 2016-02-14 16:23:19 UTC

selinux-policy-3.13.1-158.6.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-36a160982c

Comment 8 Fedora Update System 2016-02-17 03:49:49 UTC

selinux-policy-3.13.1-158.6.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.