Set up SELinux

If SELinux is active on the server that runs your CollabNet TeamForge site, modify it to allow the services that TeamForge requires.

Pre-requisites to set up the SELinux environment:
  • TeamForge SELinux can be configured only for the TeamForge application server.
  • TeamForge SELinux supports RHEL/CentOS 7.0 or later versions.
  • In case of same server upgrade using RHEL/CentOS, it is recommended to upgrade the OS to RHEL/CentOS 7.0 or later versions.

  • Log on to the server as root user always.

  1. Stop TeamForge.
    • /etc/init.d/collabnet stop all
  2. Set SELinux to run in enforcing mode on the TeamForge application server.
    1. Edit the file /etc/sysconfig/selinux and set the parameter. 
      SELINUX=enforcing
    2. Turn off TeamForge startup on boot.
      • chkconfig collabnet off
    3. Reboot the server.
    4. Ensure that SELinux is running in enforcing mode.
      • getenforce
  3. Add the following site options token to the site-options.conf file on the TeamForge application server. 
    SELINUX_SETUP=true
  4. Run the following commands if Review Board is integrated with TeamForge.
    • semanage fcontext -a -t httpd_sys_rw_content_t "/opt/collabnet/reviewboard/data(/.*)?"
    • restorecon -R -v /opt/collabnet/reviewboard/data
    • semanage fcontext -a -t httpd_sys_rw_content_t "/u1/reviewboard(/.*)?"
    • restorecon -R -v /u1/reviewboard
    • semanage fcontext -a -t httpd_sys_rw_content_t "/opt/collabnet/teamforge/var/home/apache(/.*)?"
    • restorecon -R -v /opt/collabnet/teamforge/var/home/apache
  5. Before recreating runtime, remove pdk-root and pdk-sf-admin directories by running the following commands:
    • rm -rf /tmp/pdk-root
    • rm -rf /tmp/pdk-sf-admin
  6. Recreate the runtime environment.
    • cd /opt/collabnet/teamforge-installer/8.0.0.1
    • ./install.sh -r -I -V
  7. If your TeamForge site is running in advanced mode, start the external services by running the following commands.
    • Start the Apache server.
      • /etc/init.d/httpd start
    • If the TeamForge instance uses PostgreSQL database, start the PostgreSQL.
      • /etc/init.d/postgresql-9.3 start
  8. Start TeamForge.
    • /etc/init.d/collabnet start
  9. Fix the SELinux data permissions.
    • cd /opt/collabnet/teamforge/runtime/scripts
    • ./fix_data_selinux_permissions.sh
    Note: If your data directory is on a NetApp volume, you may observe some warning messages which can be ignored safely.
  10. Run the TeamForge post installation script. For more information, see post-install.py.
    • cd /opt/collabnet/teamforge/runtime/scripts
    • ./post-install.py
Parent topic: Protect your CollabNet TeamForge site