{"id":28396572,"url":"https://github.com/pulp/pulpcore-selinux","last_synced_at":"2025-08-20T18:26:07.358Z","repository":{"id":38188806,"uuid":"212342563","full_name":"pulp/pulpcore-selinux","owner":"pulp","description":"A Pulp 3 SELinux policy","archived":false,"fork":false,"pushed_at":"2025-06-24T13:09:45.000Z","size":99,"stargazers_count":4,"open_issues_count":10,"forks_count":14,"subscribers_count":12,"default_branch":"main","last_synced_at":"2025-06-24T14:25:41.521Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://pulpproject.org","language":"Makefile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pulp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-10-02T12:59:23.000Z","updated_at":"2025-06-24T13:09:50.000Z","dependencies_parsed_at":"2025-01-13T15:37:21.087Z","dependency_job_id":"8e0414ca-5274-491e-b5f7-de3b958a6fe3","html_url":"https://github.com/pulp/pulpcore-selinux","commit_stats":null,"previous_names":[],"tags_count":22,"template":false,"template_full_name":null,"purl":"pkg:github/pulp/pulpcore-selinux","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pulp%2Fpulpcore-selinux","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pulp%2Fpulpcore-selinux/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pulp%2Fpulpcore-selinux/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pulp%2Fpulpcore-selinux/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pulp","download_url":"https://codeload.github.com/pulp/pulpcore-selinux/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pulp%2Fpulpcore-selinux/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271362586,"owners_count":24746510,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-20T02:00:09.606Z","response_time":69,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-31T22:12:34.961Z","updated_at":"2025-08-20T18:26:07.349Z","avatar_url":"https://github.com/pulp.png","language":"Makefile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# pulpcore-selinux\n\nThe SELinux policy for Pulp 3.Y releases.\n\n## Building\n\n```\nsudo yum install -y selinux-policy-devel policycoreutils\ngit clone https://github.com/pulp/pulpcore-selinux\ncd pulpcore-selinux\n\nmake -f /usr/share/selinux/devel/Makefile pulpcore_port.pp\nmake -f /usr/share/selinux/devel/Makefile pulpcore.pp\nmake -f /usr/share/selinux/devel/Makefile pulpcore_rhsmcertd.pp\n```\n\n## Installing\n\n```\nsudo semodule -i pulpcore_port.pp\nsudo semodule -i pulpcore.pp\nsudo semodule -i pulpcore_rhsmcertd.pp\n```\n\n## Labeling pulpcore\\_port\n\n**Required**: You must label ports used by Pulp with `pulpcore_port_t` so that the proper type is assigned to the ports and Pulp is allowed to communicate on with the network correctly.\n\nApply the `pulpcore_port_t` SELinux type to ports 24816 and 24817 with:\n\n`sudo semanage port -a -t pulpcore_port_t -p tcp 24816-24817`\n\n\n## Uninstalling\n\nUninstall in the following order:\n\n```\nsudo semanage port -d -t pulpcore_port_t -p tcp 24816-24817\nsudo semodule -r pulpcore_rhsmcertd\nsudo semodule -r pulpcore\nsudo semodule -r pulpcore_port\n```\n\n# Additional configuration\n\n## Adding support for remote repos running on custom ports\n\n**Optional** By default, pulp is allowed to connect to web servers running on several standard or semi-standard ports: `80, 81, 443, 488, 8008, 8009, 8443, 9000`.\n\nIf any of the remote repos you are trying to connect to are hosted on non-standard\nHTTP/HTTPS ports, you can configure Pulp to be able to talk to them like in the following example\nfor port `10011`.\n\n`sudo semanage port -a -t http_port_t -p tcp 10011`\n\n## Adding support for proxy servers running on custom ports\n\n**Optional** By default, pulp is allowed to connect to web proxy servers on several standard or semi-standard ports: `3128, 3401, 4827, 8080, 8118, 8123, 10001-10010`.\n\nIf Pulp is configured to use a proxy server (in order to talk to remote repos), but the proxy\nserver is on a non-standard port, you can configure Pulp to be able to talk to them like in the\nfollowing example for port `10012`.\n\n`sudo semanage port -a -t http_cache_port_t -p tcp 10012`\n\n**NOTE**: If you get the following error:\n\n`ValueError: Port tcp/10012 already defined`\n\nThat means that the port number is already labelled for some other purpose by SELinux. No change was\nmade to your system. Run this command instead (substitute `http_port_t` for remote repos):\n\n`sudo semanage port -m -t http_cache_port_t -p tcp 10012`\n\n**NOTE**: Technically Pulp can talk to any remote repo or proxy server running on any SELinux-recognized\nports for web servers or for proxy servers. (They are effectively one cumulative list.)\n\n**NOTE**: To see the complete list of these ports currently recognized on your system, run:\n`sudo semanage port -l | grep -E \"^http_port_t|^http_cache_port_t|^squid_port_t\" | grep tcp`\n\n# Development\n\n## Release Process\n\nSee the [Release Guide](docs/dev/guides/release.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpulp%2Fpulpcore-selinux","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpulp%2Fpulpcore-selinux","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpulp%2Fpulpcore-selinux/lists"}