Using Posit Workbench / RStudio Server Pro on SELinux

Follow

Posit Workbench (previously RStudio Server Pro) does not work out of the box on a system with SELinux enabled. A pragmatic solution is to grant the blocked applications more permissions.

First disable SELinux and restart Posit Workbench:

sudo setenforce 0
sudo rstudio-server restart

Login to Posit Workbench, create a session, do something in R, ...
List all the things that would have been blocked:

sudo sealert -l "*"

Typically rserver , rstudio-launcher and rworkspace cause problems, but there might be others as well. The easiest solution is to allow everything that has been blocked, e.g.,

sudo ausearch -c 'rserver-launche' --raw | audit2allow -M my-rserverlaunche
sudo semodule -i my-rserverlaunche.pp

These commands are also listed in the output of sealert . Sometimes you have to repreat this multiple times. Using:

sudo semodule -l

you can check that the correct policy is installed.

Finally re-enable SELinux and restart Posit Workbench:

sudo setenforce 1
sudo rstudio-server restart

 

Additional Note: 

If the steps above are unable to resolve your SELinux related errors, you may also try changing the file context associated with the /usr/lib/rstudio-server/bin directory using this command:

chcon -R -t bin_t /usr/lib/rstudio-server/bin/

This will change the context off all the files in this directory from the filesystem hierarchy default of lib_t to bin_t, which has additional capabilities.

Comments