puppet-redis
Missing SELinux policies when using instances
As I was implementing a number of instances on my RHEL 7.x, I ran into 2 issues.
- It doesn't look like ulimit is getting set correctly for each service.
It looks like this could be implemented on each individual service level with this in the systemd unit file.
LimitNOFILE=$ulimit
Since the available class for ulimit is private and not being called unless you use config via the "default_install => true" argument, I think it's a pretty safe addition to add it to the unit file template and reference it where necessary.
- I'm using SELinux (because RHEL), and because I'm defining multiple instances, every instance runs on a different port. The problem was the port group for SELinux was not allowing me to start the service. I was receiving the following error in the Redis logfile.
# Creating Server TCP listening socket 192.168.0.5:6381: bind: Permission denied
After looking around a bit, I found that the SELinux group is not configured to allow the non-default port I was using (6381) to bind.
# semanage port -l | grep "redis_port_t"
redis_port_t tcp 6379, 16379, 26379
I was able to temporarily work around this with the addition of the non-default port:
semanage port -a -t redis_port_t -p tcp 6381
Now it's all happy...
# semanage port -l | grep "redis_port_t"
redis_port_t tcp 6381, 6379, 16379, 26379
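
Added example (not part of the original issue and not puppet-redis code): a shell helper that reads `semanage port -l` output and prints the `semanage port -a` commands only for instance ports that redis_port_t does not already cover, so it can be rerun safely. The function name `plan_port_labels` and the sample listing are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not puppet-redis code.
# Constructed sample of `semanage port -l`; the redis_port_t line matches the
# listing in the issue, the http_port_t line is filler.
SAMPLE_PORTS='http_port_t                    tcp      80, 81, 443, 8008
redis_port_t                   tcp      6379, 16379, 26379'

# plan_port_labels SELTYPE PROTO PORT...   (port listing on stdin)
# Prints one "semanage port -a" command per PORT that SELTYPE/PROTO does not
# already cover, so reruns add nothing twice.
plan_port_labels() {
    seltype=$1
    proto=$2
    shift 2
    awk -v seltype="$seltype" -v proto="$proto" -v want="$*" '
        $1 == seltype && $2 == proto {
            # Fields 3..NF look like "6379," or a range such as "7000-7002,"
            for (i = 3; i <= NF; i++) {
                f = $i
                gsub(/,/, "", f)
                n = split(f, r, "-")
                lo[++k] = r[1] + 0
                hi[k] = (n == 2 ? r[2] : r[1]) + 0
            }
        }
        END {
            m = split(want, w, " ")
            for (j = 1; j <= m; j++) {
                # Output is meant to be piped to sh: accept digits only
                if (w[j] !~ /^[0-9]+$/) continue
                covered = 0
                for (i = 1; i <= k; i++)
                    if (w[j] + 0 >= lo[i] && w[j] + 0 <= hi[i]) covered = 1
                if (!covered)
                    printf "semanage port -a -t %s -p %s %s\n", seltype, proto, w[j]
            }
        }'
}

# On a host (as root), for instances on 6379-6381:
#   semanage port -l | plan_port_labels redis_port_t tcp 6379 6380 6381 | sh
```

A port that already carries a different SELinux type needs `semanage port -m` instead of `-a`.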