

TeamForge SELinux Policies
TeamForge implements SELinux policies for most of its services such as JBoss, Apache, ETL, Tomcat and so on. However, you can use these instructions to revert these policies (not recommended) if required.
Here’s a list of SELinux modules that are implemented (use the semodule -l|grep tf_
command to see the list of TeamForge SELinux modules):
- tf_apache
- tf_branding
- tf_cvs
- tf_daemon-base
- tf_etl
- tf_integration-base
- tf_jboss
- tf_phoenix
- tf_postgresql
- tf_runtime-base
- tf_subversion
- tf_tomcat
While you can revert these policies, you can contact CollabNet Support to get help in fixing the issue with TeamForge SELinux policies.
- To Revert the TeamForge SELinux Policies:
/opt/collabnet/teamforge/runtime/scripts/fix_data_selinux_permissions.sh
- If JBoss is using agents such as takipi, run the following command to apply selinux context for the takipi agent:
semanage fcontext --add -t tf_jboss_rw_t '/opt/takipi(/.*)?' restorecon -R /opt/takipi
Do This If SELinux Is disabled
Verify SELinux mode using getenforce
command. Do this if you have SELinux running in disabled
mode.
-
Stop TeamForge.
Important: Stop TeamForge on all the servers in a distributed setup.- If you are upgarding from TeamForge 16.7 or earlier releases:
/etc/init.d/collabnet stop
- If you are upgrading from TeamForge 16.10, 17.1, or 17.4 releases:
/opt/collabnet/teamforge/bin/teamforge stop
- If you are upgrading from TeamForge 17.8 or later releases:
teamforge stop
- If you are upgarding from TeamForge 16.7 or earlier releases:
- Edit the file
/etc/sysconfig/selinux
and setSELINUX=enforcing
. - Turn off TeamForge startup on boot.
chkconfig collabnet off
- Reboot the server and verify if SELInux is set to
enforcing
mode.getenforce
- Turn on TeamForge startup on boot.
chkconfig collabnet on
- Apply TeamForge SELinux policies.
teamforge apply-selinux
- Provision services.
teamforge provision
Do This If SELinux Is permissive
Verify SELinux mode using getenforce
command. Do this if you have SELinux running in permissive
mode.
- Set SELinux to run in
enforcing
mode again.setenforce 1
- Restart TeamForge.
teamforge restart
[]: