Bug #12398
closed
Write to /var/run/foreman/pids/dynflow_executor.output is prevented
Description
When users configure for sendmail, we block this.
Updated by Lukas Zapletal over 8 years ago
- Tracker changed from Feature to Bug
- Subject changed from Create boolean for sendmail to Write to /var/run/foreman/pids/dynflow_executor.output is prevented
Oh, we do this already; the error users see is:
SELinux is preventing /usr/sbin/sendmail.postfix from append access on the file /var/run/foreman/pids/dynflow_executor.output
type=AVC msg=audit(1445266684.536:1061): avc: denied { append } for pid=20151 comm="sendmail" path="/var/run/foreman/pids/dynflow_executor.output" dev=dm-1 ino=1711405 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:foreman_var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1445266684.536:1061): arch=x86_64 syscall=execve success=yes exit=0 a0=984aa0 a1=983470 a2=983140 a3=38 items=0 ppid=2893 pid=20151 auid=4294967295 uid=495 gid=494 euid=495 suid=495 fsuid=495 egid=494 sgid=494 fsgid=494 tty=(none) ses=4294967295 comm=sendmail exe=/usr/sbin/sendmail.postfix subj=system_u:system_r:system_mail_t:s0 key=(null)
Updated by Lukas Zapletal over 8 years ago
- Category deleted (General Foreman)
This is a file descriptor leak in the foreman-tasks / daemons gem. It redirects STDOUT/STDERR into this file, so when we change the SELinux domain it is prevented from appending there. We should either log to a safe directory or, better, output should be sent to syslog/journald (a patch for the daemons gem is needed for that).
Updated by Lukas Zapletal over 8 years ago
Attempt to add syslog support into daemons gem: https://github.com/thuehlinger/daemons/pull/43
Then we only need to make sure our policy allows syslog (logging_send_syslog_msg macro).
Updated by Lukas Zapletal about 7 years ago
The patch in the daemons rubygem was merged; this will be part of the 1.2.5+ release.
Updated by Lukas Zapletal about 7 years ago
- Related to Feature #18635: Redirect stdout to syslog added
Updated by Lukas Zapletal almost 4 years ago
- Status changed from New to Resolved
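The denial in this ticket has the usual signature of an inherited descriptor: it is raised during `execve`, and the denied permission is only the descriptor's access mode (`append`) with no `open`. The Ruby sketch below is an added example, not code from Foreman or the daemons gem; it flags that pattern in audit records and assumes interpreted records (`ausearch -i`) like those quoted above. The function names are hypothetical and the second event in the sample is constructed for contrast.

```ruby
# Sample input: event 1061 is the pair quoted in the ticket (SYSCALL record
# shortened); event 1070 is constructed to show an ordinary open() denial.
SAMPLE = <<~LOG
  type=AVC msg=audit(1445266684.536:1061): avc: denied { append } for pid=20151 comm="sendmail" path="/var/run/foreman/pids/dynflow_executor.output" dev=dm-1 ino=1711405 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:foreman_var_run_t:s0 tclass=file
  type=SYSCALL msg=audit(1445266684.536:1061): arch=x86_64 syscall=execve success=yes exit=0 ppid=2893 pid=20151 comm=sendmail exe=/usr/sbin/sendmail.postfix subj=system_u:system_r:system_mail_t:s0 key=(null)
  type=AVC msg=audit(1445266700.100:1070): avc: denied { read open } for pid=20200 comm="sendmail" path="/etc/example.conf" dev=dm-1 ino=42 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
  type=SYSCALL msg=audit(1445266700.100:1070): arch=x86_64 syscall=open success=no exit=-13 ppid=2893 pid=20200 comm=sendmail exe=/usr/sbin/sendmail.postfix subj=system_u:system_r:system_mail_t:s0 key=(null)
LOG

FD_PERMS = %w[read write append].freeze

# Group AVC and SYSCALL records by event id (the "timestamp:serial" pair).
# Only the last AVC of an event is kept, which is enough for this check.
def parse_events(text)
  events = Hash.new { |h, k| h[k] = {} }
  text.each_line do |line|
    id = line[/msg=audit\(([^)]+)\)/, 1] or next
    ev = events[id]
    case line[/type=(\w+)/, 1]
    when "AVC"
      next unless line.include?("denied")
      ev[:perms]  = line[/\{([^}]*)\}/, 1].to_s.split
      ev[:path]   = line[/ path="([^"]*)"/, 1]
      ev[:source] = line[/scontext=[^:]+:[^:]+:([^:\s]+)/, 1]
      ev[:target] = line[/tcontext=[^:]+:[^:]+:([^:\s]+)/, 1]
    when "SYSCALL"
      ev[:syscall] = line[/ syscall=(\w+)/, 1]
      ev[:exe]     = line[/ exe=(\S+)/, 1]
    end
  end
  events
end

# Heuristic: SELinux re-checks inherited descriptors when execve changes the
# domain, asking only for the fd's access mode. A denial during execve without
# "open" therefore points at a descriptor leaked by the parent process.
def leaked_fd_denials(text)
  parse_events(text).select do |_id, ev|
    ev[:perms]&.any? && ev[:syscall] == "execve" &&
      !ev[:perms].include?("open") && (ev[:perms] - FD_PERMS).empty?
  end
end
```

A hit names the source domain, the target type and the path, which is what is needed to decide between closing the descriptor in the parent and moving the output to syslog as proposed in the ticket.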