Set up SELinux

If SELinux is active on the server that runs your TeamForge site, modify it to allow the services that TeamForge requires.

Pre-requisites to set up the SELinux environment:

Log on to the server as root user always.

  1. Stop TeamForge.
    • /etc/init.d/collabnet stop all
  2. Set SELinux to run in enforcing mode on the TeamForge application server.
    1. Edit the file /etc/sysconfig/selinux and set SELINUX=enforcing.
    2. Turn off TeamForge startup on boot.
      • chkconfig collabnet off
    3. Reboot the server.
    4. Ensure that SELinux is running in enforcing mode.
      • getenforce
  3. Make sure that the SELINUX_SETUP site options token is set to true in the site-options.conf file of the TeamForge application server. 
    SELINUX_SETUP=true
  4. Run the grep command to get the value of rb_dir and rb_data_dir.
    • grep rb_dir /etc/reviewboard.properties
    • grep rb_data_dir /etc/reviewboard.properties
  5. Run the following commands if Review Board is integrated with TeamForge.
    • semanage fcontext -a -t httpd_sys_rw_content_t "<rb_data_dir>(/.*)?"
    • restorecon -R -v <rb_data_dir>
    • semanage fcontext -a -t httpd_sys_rw_content_t "<rb_dir>(/.*)?"
    • restorecon -R -v <rb_dir>
    • semanage fcontext -a -t httpd_sys_rw_content_t "/opt/collabnet/teamforge/var/home/apache(/.*)?"
    • restorecon -R -v /opt/collabnet/teamforge/var/home/apache
  6. Before recreating runtime, remove pdk-root and pdk-sf-admin directories by running the following commands.
    • rm -rf /tmp/pdk-root
    • rm -rf /tmp/pdk-sf-admin
  7. Create the runtime environment.
    • /opt/collabnet/teamforge/installer/install.sh
  8. Start TeamForge.
    • /etc/init.d/collabnet start
  9. Fix the SELinux data permissions.
    • cd /opt/collabnet/teamforge/runtime/scripts/
    • ./fix_data_selinux_permissions.sh
    Note: If your data directory is on a NetApp volume, you may observe some warning messages which can be ignored safely.
Parent topic: Protect your CollabNet TeamForge site