Bug #6115 (closed)
Denials with nightly
Status: Rejected
Priority: Normal
Assignee: -
Category: Packaging
Target version: -
Description
Installed, then executed foreman-debug:
type=AVC msg=audit(1402297207.624:80): avc: denied { read write } for pid=9153 comm="initdb" path="/tmp/puppet20140609-8628-dhgi1u-0" dev=vda3 ino=187315 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file
type=AVC msg=audit(1402297207.624:80): avc: denied { read write } for pid=9153 comm="initdb" path="/tmp/puppet20140609-8628-dhgi1u-0" dev=vda3 ino=187315 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file
type=AVC msg=audit(1402297356.641:126): avc: denied { execute } for pid=10047 comm="ruby" name="node.rb" dev=vda3 ino=150194 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file
type=AVC msg=audit(1402297356.641:126): avc: denied { execute_no_trans } for pid=10047 comm="ruby" path="/etc/puppet/node.rb" dev=vda3 ino=150194 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file
type=AVC msg=audit(1402297496.028:130): avc: denied { ioctl } for pid=13735 comm="ping" path="/root/foreman-debug/ping_localhost" dev=vda3 ino=187728 scontext=system_u:system_r:ping_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1402297496.031:131): avc: denied { ioctl } for pid=13737 comm="ping" path="/root/foreman-debug/ping_hostname" dev=vda3 ino=187729 scontext=system_u:system_r:ping_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1402297496.035:132): avc: denied { ioctl } for pid=13739 comm="ping" path="/root/foreman-debug/ping_hostname_full" dev=vda3 ino=187730 scontext=system_u:system_r:ping_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1402297509.661:153): avc: denied { ioctl } for pid=14358 comm="ping" path="/root/nightly-2014060903051402297507/sos_commands/foreman/foreman-debug/ping_localhost" dev=vda3 ino=188381 scontext=system_u:system_r:ping_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1402297509.666:154): avc: denied { ioctl } for pid=14360 comm="ping" path="/root/nightly-2014060903051402297507/sos_commands/foreman/foreman-debug/ping_hostname" dev=vda3 ino=188382 scontext=system_u:system_r:ping_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1402297509.669:155): avc: denied { ioctl } for pid=14362 comm="ping" path="/root/nightly-2014060903051402297507/sos_commands/foreman/foreman-debug/ping_hostname_full" dev=vda3 ino=188383 scontext=system_u:system_r:ping_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1402298342.067:182): avc: denied { write } for pid=15386 comm="logrotate" name="logrotate.status" dev=vda3 ino=21866 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
Some of these belong to foreman-debug.
Updated by Lukas Zapletal almost 10 years ago
- Category set to Packaging
#============= logrotate_t ==============
files_manage_urandom_seed(logrotate_t)
#============= passenger_t ==============
allow passenger_t puppet_etc_t:file { execute execute_no_trans };
#============= ping_t ==============
userdom_read_admin_home_files(ping_t)
#============= postgresql_t ==============
init_rw_inherited_script_tmp_files(postgresql_t)
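An added example, not part of the ticket or of Foreman's code: a small parser that merges AVC denials by source type, target type and class into raw allow rules, so the permissions actually denied can be compared with the generated policy in the comment above. The function names are hypothetical; the four sample records are copied from the report.

```python
import re
from collections import defaultdict

# Four of the denials from the report above, one record per line.
SAMPLE = """\
type=AVC msg=audit(1402297356.641:126): avc: denied { execute } for pid=10047 comm="ruby" name="node.rb" dev=vda3 ino=150194 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file
type=AVC msg=audit(1402297356.641:126): avc: denied { execute_no_trans } for pid=10047 comm="ruby" path="/etc/puppet/node.rb" dev=vda3 ino=150194 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file
type=AVC msg=audit(1402297496.028:130): avc: denied { ioctl } for pid=13735 comm="ping" path="/root/foreman-debug/ping_localhost" dev=vda3 ino=187728 scontext=system_u:system_r:ping_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
type=AVC msg=audit(1402298342.067:182): avc: denied { write } for pid=15386 comm="logrotate" name="logrotate.status" dev=vda3 ino=21866 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def setype(context):
    # A context is user:role:type[:level]; the level itself may contain ':'.
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else None

def parse_avc(record):
    """Return (source type, target type, class, perms) or None if not a denial."""
    m = AVC_RE.search(record)
    if not m:
        return None
    kv = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    src, tgt = setype(kv.get('scontext', '')), setype(kv.get('tcontext', ''))
    perms = m.group(1).split()
    if not (src and tgt and perms and 'tclass' in kv):
        return None
    return src, tgt, kv['tclass'], perms

def allow_rules(text):
    """Merge denials per (source, target, class) into raw allow rules."""
    merged = defaultdict(set)
    # Split on the record marker so records run together on one line still parse.
    for record in text.split('type=AVC'):
        parsed = parse_avc(record)
        if parsed:
            merged[parsed[:3]].update(parsed[3])
    rules = []
    for (src, tgt, tclass), perms in sorted(merged.items()):
        body = ' '.join(sorted(perms))
        if len(perms) > 1:
            body = '{ ' + body + ' }'
        rules.append(f'allow {src} {tgt}:{tclass} {body};')
    return rules

if __name__ == '__main__':
    print('\n'.join(allow_rules(SAMPLE)))
```
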
Updated by Lukas Zapletal almost 4 years ago
- Status changed from New to Rejected
I am doing a cleanup of old SELinux bug reports. We are removing the puppetmaster policy based on passenger_t; most of these bugs were related to that.