Project

General

Profile

Actions

Bug #13041

closed

selinux context on /var/run/rubygem-passenger/passenger.*/generation-0/request issue after log rotation.

Added by Nicolas Di Gregorio about 8 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Category:
General Foreman
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Hi All,

After upgrading a working well foreman 1.6 to 1.10 on a selinux enabled Red Hat 6.5 I encountered the following issue: at end of log rotation, httpd is reload and the socket /var/run/rubygem-passenger/passenger.xxxxx/generation-0/request is reniewed and get the wrong selinux context "var_run_t" instead of "passenger_var_run_t".

This can be spotted in the httpd error_log by the following message:

[ 2016-01-04 02:21:52.8778 42240/7fcf5067c7e0 apache2/Hooks.cpp:772 ]: Unexpected error in mod_passenger: Cannot connect to Unix socket '/var/run/rubygem-passenger/passenger.1.0.43973/generation-0/request': Permission denied (errno=13)
  Backtrace:
     in 'Passenger::FileDescriptor Hooks::connectToHelperAgent()' (Hooks.cpp:248)
     in 'int Hooks::handleRequest(request_rec*)' (Hooks.cpp:532)

After adding a context rules, the issue is solved.

[root@xxxx ~]# semanage fcontext -a -t passenger_var_run_t "/var/run/rubygem-passenger(.*)?" 
[root@xxxx ~]# restorecon -Rv /var/run/
restorecon reset /var/run/rubygem-passenger context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878 context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0 context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/logging_admin context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/admin-manipulation-password.txt context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/structure_version.txt context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/helper_admin context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/request context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/buffered_uploads context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/passenger-status-password.txt context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/web_server.txt context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/spawn-server context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/logging context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/config_files.txt context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/backends context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0
restorecon reset /var/run/rubygem-passenger/passenger.1.0.5878/generation-0/backends/ruby.9YVZAep5G3Z0I83Hi68LGGcqi context system_u:object_r:var_run_t:s0->system_u:object_r:passenger_var_run_t:s0


Related issues 1 (0 open1 closed)

Related to Packaging - Bug #8392: passenger-status broken on EL7ClosedDominic Cleal11/13/2014Actions
Actions #1

Updated by Dominic Cleal about 8 years ago

  • Related to Bug #8392: passenger-status broken on EL7 added
Actions #2

Updated by The Foreman Bot about 8 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Lukas Zapletal
  • Pull request https://github.com/theforeman/foreman-selinux/pull/55 added
Actions #3

Updated by Dominic Cleal about 8 years ago

  • Category set to General Foreman
  • translation missing: en.field_release set to 123
Actions #4

Updated by Anonymous about 8 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions

Also available in: Atom PDF