Posit Workbench (previously RStudio Server Pro) does not work out of the box on a system with SELinux enabled. A pragmatic solution is to grant the blocked applications more permissions.
First disable SELinux and restart Posit Workbench:
sudo setenforce 0
sudo rstudio-server restart
Login to Posit Workbench, create a session, do something in R, ...
List all the things that would have been blocked:
sudo sealert -l "*"
Typically rserver
, rstudio-launcher
and rworkspace
cause problems, but there might be others as well. The easiest solution is to allow everything that has been blocked, e.g.,
sudo ausearch -c 'rserver-launche' --raw | audit2allow -M my-rserverlaunche
sudo semodule -i my-rserverlaunche.pp
These commands are also listed in the output of sealert
. Sometimes you have to repreat this multiple times. Using:
sudo semodule -l
you can check that the correct policy is installed.
Finally re-enable SELinux and restart Posit Workbench:
sudo setenforce 1
sudo rstudio-server restart
Additional Note:
If the steps above are unable to resolve your SELinux related errors, you may also try changing the file context associated with the /usr/lib/rstudio-server/bin directory using this command:
chcon -R -t bin_t /usr/lib/rstudio-server/bin/
This will change the context off all the files in this directory from the filesystem hierarchy default of lib_t to bin_t, which has additional capabilities.
Comments