Project

General

Profile

Actions
Copy link

Bug #11934

closed

Installation fails on RHEL 7.2 beta

Added by Lukas Zapletal over 9 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Lukas Zapletal
Category:
General Foreman
Target version:
1.9.3
Difficulty:
Triaged:
Bugzilla link:
1265544
Pull request:
https://github.com/theforeman/foreman-selinux/pull/53
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Description of problem:

Running foreman-installer started to fail on RHEL 7.2 composes.

Version-Release number of selected component (if applicable):

selinux-policy-3.13.1-52.el7.noarch

How reproducible:

Deterministic.

Steps to Reproduce:
1. Run foreman-installer.

Actual results:

  1. [ERROR 2015-09-23 02:33:51 verbose] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman.example.com]: Could not evaluate: Proxy foreman.example.com cannot be registered (Could not load data from https://foreman.example.com# [ INFO 2015-09-23 02:33:51 verbose] - is your server down?
  2. [ INFO 2015-09-23 02:33:51 verbose] - was rake apipie:cache run when using apipie cache? (typical production settings)): N/A
    [...]
  3. Something went wrong! Check the log for ERROR-level output

Expected results:

No error

Additional info:

AVC denials:

avc: denied { getattr } for pid=23191 comm="httpd" path="/etc/puppet/rack/config.ru" dev="dm-0" ino=815544 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file

  1. sesearch --allow -s httpd_t -t puppet_etc_t
    Found 2 semantic av rules:
    allow httpd_t file_type : filesystem getattr ;
    allow httpd_t file_type : dir { getattr search open } ;

On selinux-policy-3.13.1-49.el7.noarch where things work, sesearch says

Found 4 semantic av rules:
allow httpd_t file_type : filesystem getattr ;
allow httpd_t file_type : dir { getattr search open } ;
allow httpd_t puppet_etc_t : file { ioctl read getattr lock open } ;
allow httpd_t puppet_etc_t : dir { getattr search open } ;

Actions
Copy link
 #1

Updated by The Foreman Bot over 9 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman-selinux/pull/53 added
  • Pull request deleted ()
Actions
Copy link
 #2

Updated by Dominic Cleal over 9 years ago

The foreman-selinux-enable error:

  Installing : foreman-selinux-1.10.0-0.develop.201509210827gitd3a9081.el7.noarch                                                  1/1 
libsepol.print_missing_requirements: foreman's global requirements were not met: type/attribute docker_var_run_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
ValueError: Could not commit semanage transaction
ValueError: Type elasticsearch_port_t is invalid, must be a port type
warning: %post(foreman-selinux-1.10.0-0.develop.201509210827gitd3a9081.el7.noarch) scriptlet failed, exit status 1
Actions
Copy link
 #3

Updated by Dominic Cleal over 9 years ago

  • Translation missing: en.field_release set to 91
Actions
Copy link
 #4

Updated by Anonymous over 9 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions
Copy link

Also available in: Atom PDF