Documentation for SELinux package (#2401)

2020-12-16 16:25:50 +01:00 · 2020-12-16 16:25:50 +01:00 · cbb800cdba
commit cbb800cdba
parent 8eec53f8b8
4 changed files with 23 additions and 0 deletions
--- a/doc/sources/admin/installrpm.rst
+++ b/doc/sources/admin/installrpm.rst
@ -25,6 +25,7 @@ LemonLDAP::NG provides packages for Red Hat/Centos 7:
 -  lemonldap-ng-fastcgi-server: FastCGI server needed to use Nginx
 -  lemonldap-ng-nginx: contains Nginx configuration and dependencies
 -  lemonldap-ng-uwsgi-app: contains Uwsgi application
+-  lemonldap-ng-selinux: contains the SELinux policy for httpd
 -  perl-Lemonldap-NG-Common: CPAN - Shared modules
 -  perl-Lemonldap-NG-Handler: CPAN - Handler modules
 -  perl-Lemonldap-NG-Manager: CPAN - Manager modules
@ -124,6 +125,9 @@ If the packages are stored in a yum repository:

   yum install lemonldap-ng

+   # If you use SELinux
+   yum install lemonldap-ng-selinux
+
 You can also use yum on local RPMs file:

 ::
--- a/doc/sources/admin/quickstart.rst
+++ b/doc/sources/admin/quickstart.rst
@ -42,6 +42,8 @@ CentOS / RHEL
   yum update
   yum install epel-release
   yum install lemonldap-ng
+   # If you use SELinux
+   yum install lemonldap-ng-selinux

 SSO domain configuration
 ------------------------
--- a/doc/sources/admin/selinux.rst
+++ b/doc/sources/admin/selinux.rst
@ -4,11 +4,27 @@ SELinux
 To make LemonLDAP::NG work with SELinux, you may need to set up some
 options.

+SELinux policy package
+----------------------
+
+If you are using a RPM distribution and Apache as the web server, you need to
+install the ``lemonldap-ng-selinux`` package to configure SELinux context correctly ::
+
+   yum install lemonldap-ng-selinux
+
+.. note::
+   On CentOS 8 and Fedora, this is done automatically
+
+This package will not configure SELinux booleans, please read the next sections to see which booleans you need to enable manually
+
 Disk cache (sessions an configuration)
 --------------------------------------

 You need to set the correct context on the cache directory

+.. deprecated:: 2.0.10
+   this is now done by the ``lemonldap-ng-selinux`` package
+
 ::

   semanage fcontext --add -t httpd_cache_t -f a '/var/cache/lemonldap-ng(/.*)?'
--- a/doc/sources/admin/upgrade_2_0_x.rst
+++ b/doc/sources/admin/upgrade_2_0_x.rst
@ -23,6 +23,7 @@ backups and a rollback plan ready!
 - New dependency: IO::Socket::Timeout
 - TOTP check tolerates forward AND backward clock drift (totp2fRange)
 - Avoid assignment in expressions option is disabled by default
+- RHEL/CentOS SELinux users should install the new ``lemonldap-ng-selinux`` package to fix `an issue with the new default cache directory <https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2401>`__

 2.0.9
 -----