How do I get SimpleRisk to work with SELinux?

SimpleRisk requires the following SELinux Booleans to be enabled:

httpd_read_user_content

For native password reset functionality and/or the Notifications Extra, the following Boolean is needed in addition to appropriate SMTP configuration updates within php.ini:

httpd_can_sendmail

If hosting SimpleRisk Apache and MySQL instances on separate machines, the following Boolean is needed to permit database connectivity from the web tier:

httpd_can_network_connect

As root, these Booleans can be set with the setsebool command in Linux, e.g.:

setsebool -P <Boolean_name>=1

To validate the current configuration of SELinux Booleans, use getsebool, e.g.:

getsebool -a | grep <Boolean_name>

To summarize, these are the SELinux Booleans that are turned on for httpd to work on a SimpleRisk application server:

httpd_builtin_scripting
httpd_can_network_connect
httpd_can_sendmail
httpd_dbus_avahi
httpd_enable_cgi
httpd_read_user_content
httpd_tty_comm
httpd_unified

All of these SELinux Booleans should be able to be turned off:

allow_httpd_anon_write
allow_httpd_mod_auth_ntlm_winbind
allow_httpd_mod_auth_pam
allow_httpd_sys_script_anon_write
httpd_can_check_spam
httpd_can_network_connect_cobbler
httpd_can_network_connect_db
httpd_can_network_memcache
httpd_can_network_relay
httpd_dbus_sssd
httpd_enable_ftp_server
httpd_enable_homedirs
httpd_execmem
httpd_manage_ipa
httpd_run_preupgrade
httpd_run_stickshift
httpd_serve_cobbler_files
httpd_setrlimit
httpd_ssi_exec
httpd_tmp_exec
httpd_use_cifs
httpd_use_fusefs
httpd_use_gpg
httpd_use_nfs
httpd_use_openstack
httpd_verify_dns
named_bind_http_port

How do I get SimpleRisk to work with SELinux?

While officially we can only support SimpleRisk as an application, and not as it operates with every imaginable OS configuration, Matthew Frick was kind enough to put together some instructions on how he got it to work with SELinux. They are provided here for your reference: