Diffusion/Doc: add systemd Unit file to Diffusion_Hosting SSHD Documentation
Closed, Wontfix (Public)

Description

I want to improve the Documentation for Diffusion a little in regards to SELinux and started by creating a patch to easily allow new users to create a systemd Unit to automatically start the Phabricator SSHD with the system. However, arc diff told me I don't have the necessary rights to push a change into the staging area.

Commit Description:
Most distributions nowadays use systemd as their init system.
Therefore it is reasonable to include a Unit declaration to the
documentation that automatically starts the Phabricator SSHD with the
system.

Event Timeline

epriestley claimed this task.

System-specific configuration like SELinux and systemd is outside the scope of Phabricator. See T4200 for discussion.

Feel free to publish these instructions elsewhere and link them in Community Resources.

Agreed with the systemd part, that would have been just for convenience of new users.

But, you guys should at least mention potential problems with SELinux/AppArmor somewhere at the beginning of your documentation and provide some pointers on how to resolve them (like Community Resources, which I saw for the first time with the link you provided. The long comment on T4947 was really helpful).

Sadly, disabling SELinux was not an option for me, since I want to run phabricator on a company server and it was a major pain to even realize that the problems with diffusion hosting (ssh clone denied, phabricator not being able to show git repo contents) and file storage were caused by SELinux. A colleague of mine tried to install phabricator a few months ago and gave up because "it is still too bloody buggy to actually use".

Unfortunately, there are lots of phabricator installation guides out there, because the Documentation is considered either too old or incomplete, which makes finding the right and correct information not always easy. That's why I wanted to enhance the documentation.

See some discussion of SELinux in T4947. We'd prefer to find a way to detect that SELinux or AppArmor are running, and warn the user only if they are affected. We've generally had much greater success with raising specific setup warnings during setup than with putting notes in documentation (which users often do not read). We do not currently have a test for SELinux / AppArmor, although it is possible that these tests are straightforward.

By "test", I mean some command we can run like selinux status or apparmor status which is diagnostically useful (via output or exit code) in assessing whether the corresponding mechanism is enabled on the current host.

That is actually a great idea and way more elegant. Keep up the great work and thanks for your effort!
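
The kind of host test discussed in this thread, sketched as an added example that is not part of the original task and not Phabricator's own code: it reads the kernel's SELinux and AppArmor state files (the same state that `selinuxenabled` and `aa-status --enabled` report through their exit codes) and warns only when a layer can actually deny access. The function names and the optional root argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: report which mandatory access control (MAC) layer is active.
# The optional root argument is a hypothetical hook so the checks can be run
# against a constructed directory tree instead of the live /sys.

# Prints: enforcing | permissive | disabled | unknown
selinux_state() {
    f="${1:-}/sys/fs/selinux/enforce"   # present only while selinuxfs is mounted
    [ -r "$f" ] || { echo disabled; return 0; }
    case "$(cat "$f")" in
        1) echo enforcing ;;
        0) echo permissive ;;            # denials are logged, not applied
        *) echo unknown ;;
    esac
}

# Prints: enabled | disabled
apparmor_state() {
    f="${1:-}/sys/module/apparmor/parameters/enabled"
    if [ -r "$f" ] && [ "$(cat "$f")" = "Y" ]; then
        echo enabled
    else
        echo disabled
    fi
}

# Prints one warning line per active layer; prints nothing when none applies.
mac_warnings() {
    root="${1:-}"
    if [ "$(selinux_state "$root")" = "enforcing" ]; then
        echo "SELinux is enforcing: repository and file storage access may be denied by policy."
    fi
    if [ "$(apparmor_state "$root")" = "enabled" ]; then
        echo "AppArmor is enabled: confined daemons may be denied access to repository paths."
    fi
    return 0
}

mac_warnings   # check the live host
```

A permissive SELinux host produces no warning here because policy violations are only logged in that mode.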