Documentation notes about running Fn on SELinux systems (#507)

Documentation notes about running Fn on SELinux systems
Author: Dario Domizioli
Date: 2017-12-01 15:55:00 +00:00 (committed by GitHub)
Parent: 84e95096d4
Commit: b083390d6b
3 changed files with 28 additions and 3 deletions


@@ -32,7 +32,7 @@ The command line tool isn't required, but it sure makes things a lot easier. The
#### 1. Homebrew - MacOS #### 1. Homebrew - MacOS
If you're on a Mac and use [Homebrew](https://brew.sh/), this one is for you: If you're on a Mac and use [Homebrew](https://brew.sh/), this one is for you:
```sh ```sh
brew install fn brew install fn
@@ -62,7 +62,8 @@ fn start
This will start Fn in single server mode, using an embedded database and message queue. You can find all the This will start Fn in single server mode, using an embedded database and message queue. You can find all the
configuration options [here](docs/operating/options.md). If you are on Windows, check [here](docs/operating/windows.md). configuration options [here](docs/operating/options.md). If you are on Windows, check [here](docs/operating/windows.md).
If you are on a Linux system where the SELinux security policy is set to "Enforcing", such as OEL7.x, check
[here](docs/operating/selinux.md).
### Your First Function ### Your First Function
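Review bot: the new README sentence tells the reader that the Enforcing case is the one that matters but gives no way to find out which mode the host is actually in; suggest naming `getenforce` (prints Enforcing, Permissive or Disabled) before the link, e.g. "run `getenforce`; if it prints Enforcing, check [here](docs/operating/selinux.md)". Also "OEL7.x" here vs. "OEL 7.x" in the new docs/operating/selinux.md: pick one spelling.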


@@ -2,7 +2,7 @@
## Default run command for production ## Default run command for production
This will run with docker in docker. This will run with docker in docker.
```sh ```sh
docker run --privileged --rm --name fns -it -v $PWD/data:/app/data -p 80:8080 fnproject/fnserver docker run --privileged --rm --name fns -it -v $PWD/data:/app/data -p 80:8080 fnproject/fnserver
@@ -50,6 +50,10 @@ One way is to mount the host Docker. Everything is essentially the same except y
docker run --rm --name functions -it -v /var/run/docker.sock:/var/run/docker.sock -v $PWD/data:/app/data -p 8080:8080 fnproject/fnserver docker run --rm --name functions -it -v /var/run/docker.sock:/var/run/docker.sock -v $PWD/data:/app/data -p 8080:8080 fnproject/fnserver
``` ```
On Linux systems where SELinux is enabled and set to "Enforcing", SELinux will stop the container from accessing
the host docker and the local directory mounted as a volume, so this method cannot be used unless security restrictions
are disabled.
### Run outside Docker ### Run outside Docker
You can of course just run the binary directly, you'll just have to change how you set the environment variables above. You can of course just run the binary directly, you'll just have to change how you set the environment variables above.
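Review bot: "this method cannot be used unless security restrictions are disabled" is stronger than what SELinux actually requires, and it steers readers toward turning enforcement off host-wide. The denial on `$PWD/data` is a labeling problem that Docker's volume suffix fixes without touching enforcement: `-v $PWD/data:/app/data:Z` relabels the directory for that container. Access to `/var/run/docker.sock` is a different case (the host socket should not be relabeled), and for that `--security-opt label=disable` runs just this one container unconfined while the rest of the host stays enforcing. Suggest documenting those two options here instead of, or at least alongside, the blanket statement.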

docs/operating/selinux.md Normal file

@@ -0,0 +1,20 @@
# Running on SELinux systems
Systems such as OEL 7.x where SELinux is enabled and the security policies are set to "Enforcing" will restrict Fn from
running containers and mounting volumes.
For local development, you can relax SELinux constraints by running this command in a root shell:
```sh
setenforce permissive
```
Then you will be able to run `fn start` as normal.
Alternatively, use the docker-in-docker deployment that a production system would use:
```sh
docker run --privileged --rm --name fns -it -v $PWD/data:/app/data -p 8080:8080 fnproject/functions
```
Check the [operating options](options.md) for further details about this.
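Review bot: the docker-in-docker command in this new file pulls `fnproject/functions`, while the same command in docs/operating/production.md (changed in this commit) uses `fnproject/fnserver`; one of the two image names is stale, and since the text says this is "the docker-in-docker deployment that a production system would use" it should match production.md exactly. Two further points on the `setenforce permissive` advice: it is host-wide, so it removes confinement from every process on the machine, not just Fn, and it is not persistent (it lasts until reboot; the persistent setting is `/etc/selinux/config`), so the page should say both and show how to go back (`setenforce enforcing`). It would also help to state why the `--privileged` alternative works, namely that privileged containers run without SELinux confinement, so the reader understands it is a trade-off rather than a fix.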