Bug #11934
closed
Installation fails on RHEL 7.2 beta
Description
Description of problem:
Running foreman-installer started to fail on RHEL 7.2 composes.
Version-Release number of selected component (if applicable):
selinux-policy-3.13.1-52.el7.noarch
How reproducible:
Deterministic.
Steps to Reproduce:
1. Run foreman-installer.
Actual results:
[ERROR 2015-09-23 02:33:51 verbose] /Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[foreman.example.com]: Could not evaluate: Proxy foreman.example.com cannot be registered (Could not load data from https://foreman.example.com
[ INFO 2015-09-23 02:33:51 verbose] - is your server down?
[ INFO 2015-09-23 02:33:51 verbose] - was rake apipie:cache run when using apipie cache? (typical production settings)): N/A
[...]
Something went wrong! Check the log for ERROR-level output
Expected results:
No error
Additional info:
AVC denials:
avc: denied { getattr } for pid=23191 comm="httpd" path="/etc/puppet/rack/config.ru" dev="dm-0" ino=815544 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file
sesearch --allow -s httpd_t -t puppet_etc_t
Found 2 semantic av rules:
allow httpd_t file_type : filesystem getattr ;
allow httpd_t file_type : dir { getattr search open } ;
On selinux-policy-3.13.1-49.el7.noarch, where things work, sesearch says:
Found 4 semantic av rules:
allow httpd_t file_type : filesystem getattr ;
allow httpd_t file_type : dir { getattr search open } ;
allow httpd_t puppet_etc_t : file { ioctl read getattr lock open } ;
allow httpd_t puppet_etc_t : dir { getattr search open } ;
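The comparison above can be done mechanically. The following is an added example, not part of the original report or of any Foreman or SELinux tooling: it parses the AVC denial and the two sesearch outputs quoted above, then reports which denied permissions each policy leaves uncovered and which rules the newer policy dropped. The `ATTRS` mapping (puppet_etc_t carrying the file_type attribute) is an assumption inferred from `sesearch -t puppet_etc_t` returning file_type rules; all function names are hypothetical.

```python
import re

# Sample input constructed from the lines quoted in the report above.
AVC = ('avc: denied { getattr } for pid=23191 comm="httpd" '
       'path="/etc/puppet/rack/config.ru" dev="dm-0" ino=815544 '
       'scontext=system_u:system_r:httpd_t:s0 '
       'tcontext=system_u:object_r:puppet_etc_t:s0 tclass=file')
POLICY_52 = """allow httpd_t file_type : filesystem getattr ;
allow httpd_t file_type : dir { getattr search open } ;
"""
POLICY_49 = POLICY_52 + """allow httpd_t puppet_etc_t : file { ioctl read getattr lock open } ;
allow httpd_t puppet_etc_t : dir { getattr search open } ;
"""
# Assumption: type -> attributes it belongs to (inferred, not from seinfo).
ATTRS = {"puppet_etc_t": {"file_type"}}

RULE_RE = re.compile(
    r"allow\s+(\S+)\s+(\S+)\s*:\s*(\S+)\s+(?:\{([^}]*)\}|(\S+))\s*;")

def parse_rules(text):
    """Map (source, target, class) -> permission set from sesearch output."""
    rules = {}
    for src, tgt, cls, braced, single in RULE_RE.findall(text):
        rules.setdefault((src, tgt, cls), set()).update(
            (braced or single).split())
    return rules

def parse_avc(line):
    """Extract (source type, target type, class, denied perms) from an AVC."""
    perms = set(re.search(r"denied\s+\{([^}]*)\}", line).group(1).split())
    src = re.search(r"scontext=[^:]+:[^:]+:([^:\s]+)", line).group(1)
    tgt = re.search(r"tcontext=[^:]+:[^:]+:([^:\s]+)", line).group(1)
    cls = re.search(r"tclass=(\S+)", line).group(1)
    return src, tgt, cls, perms

def missing_perms(rules, avc, attrs):
    """Denied permissions that no rule grants. A rule only applies if the
    class matches and its target is the type itself or one of its attributes."""
    src, tgt, cls, perms = avc
    granted = set()
    for (s, t, c), p in rules.items():
        if s == src and c == cls and (t == tgt or t in attrs.get(tgt, ())):
            granted |= p
    return perms - granted

def dropped_rules(old, new):
    """Permissions present in the old policy but absent from the new one."""
    diff = {k: p - new.get(k, set()) for k, p in old.items()}
    return {k: p for k, p in diff.items() if p}

if __name__ == "__main__":
    avc, old, new = parse_avc(AVC), parse_rules(POLICY_49), parse_rules(POLICY_52)
    print("uncovered in -52:", missing_perms(new, avc, ATTRS))
    print("dropped since -49:", dropped_rules(old, new))
```

The file_type rules remaining in -52 match the target through the attribute but only for the filesystem and dir classes, so they do not cover the tclass=file denial.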